I’m creating a simple app for my team. We use Azure Active Directory internally which I have configured and working with my Meteor app. However, I don’t want everyone in the company to be able to access the app. My understanding is that a new user is created on first login. Ideally, the admin (me) would add users within the app, the OAuth flow would run but only allow access if the user existed in the User collection.
I found a solution which is working. Looking at accounts-base, the function updateOrCreateUserFromExternalService simply checks for an existing id within the relevant service in the user record. I’ve just added that to my admin user creation form, then throw an exception in onCreateUser when called via an OAuth login.
Maybe a little jank, but it works for my purposes.
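The gate described in the post, as an added example that is not the poster's code or Meteor's source: a simplified in-memory model of the lookup on `services.<name>.id` with a creation hook that rejects OAuth-triggered sign-ups. The service key `azureAd`, the helper names and the sample ids are assumptions made for illustration.

```javascript
// Simplified in-memory model of the flow in the post (not Meteor's implementation).
const SERVICE = 'azureAd'; // assumption: key your OAuth package writes under user.services
const users = [];          // stands in for the Meteor.users collection

// Creation hook: reject any user creation triggered by an external-service login.
function onCreateUser(options, user) {
  if (user.services && user.services[SERVICE]) {
    throw new Error('Access denied: account not provisioned by an admin');
  }
  return { ...user, profile: options.profile || {} };
}

function createUser(options, user) {
  const doc = onCreateUser(options, user); // throws before anything is stored
  doc._id = String(users.length + 1);
  users.push(doc);
  return doc;
}

// Admin form: create the record, then attach the directory id to it.
function adminAddUser(externalId, name) {
  const doc = createUser({ profile: { name } }, { services: {} });
  doc.services[SERVICE] = { id: externalId };
  return doc._id;
}

// Models the lookup: match on services.<name>.id, otherwise attempt creation.
function loginWithExternalService(serviceData) {
  const existing = users.find(
    (u) => u.services[SERVICE] && u.services[SERVICE].id === serviceData.id
  );
  if (existing) {
    Object.assign(existing.services[SERVICE], serviceData); // refresh stored service data
    return { userId: existing._id };
  }
  return { userId: createUser({}, { services: { [SERVICE]: serviceData } })._id };
}

function demo() {
  users.length = 0; // start from an empty collection
  // Constructed sample ids, not real directory object ids.
  const provisionedId = adminAddUser('constructed-oid-alice', 'Alice');
  const allowed = loginWithExternalService({ id: 'constructed-oid-alice', mail: 'alice@example.test' });
  let denied = null;
  try { loginWithExternalService({ id: 'constructed-oid-unknown' }); } catch (e) { denied = e.message; }
  return { provisionedId, allowed, denied, userCount: users.length };
}
console.log(demo());
```

The match is on the identity provider's user id rather than an email address, so the admin form has to record exactly the id value the provider returns at login.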