From b72422a869fb1d989f74463d90d4cf79e6355c69 Mon Sep 17 00:00:00 2001 From: Alexis Gallagher Date: Wed, 7 May 2025 16:15:18 -0700 Subject: [PATCH] Update oauth_example/ to use hd claim Instead of checking if user has a verified email address which ends in "answer.ai", we check directly if the gmail account belongs to the "answer.ai" hosted domain. --- oauth_example/README.md | 4 ++-- oauth_example/oa.py | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/oauth_example/README.md b/oauth_example/README.md index c8b18e4..cd10a7d 100644 --- a/oauth_example/README.md +++ b/oauth_example/README.md @@ -3,7 +3,7 @@ This directory contains some examples of OAuth in action. See the [docs](https://docs.fastht.ml/explains/oauth.html) for a more detailed explanation. - minimal.py - initializes an OAuth client and retrieves the user's profile, displaying it in the browser after a successful login. -- oa.py - a minimal example showing use of the OAuth class, gating access to the homepage to users with answer.ai email addresses. +- oa.py - a minimal example showing use of the OAuth class, gating access to the homepage to users who belong to the Google domain "answer.ai" - database.py - a legacy example used in an OAuth explanation, not recommended for use. @@ -13,4 +13,4 @@ These examples require two environment variables to be set. Run with: export AUTH_CLIENT_ID=your_client_id export AUTH_CLIENT_SECRET=your_client_secret python minimal.py -``` \ No newline at end of file +``` diff --git a/oauth_example/oa.py b/oauth_example/oa.py index 8356fd7..d1dceb2 100644 --- a/oauth_example/oa.py +++ b/oauth_example/oa.py @@ -5,8 +5,7 @@ class Auth(OAuth): def get_auth(self, info, ident, session, state): - email = info.email or '' - if info.email_verified and email.split('@')[-1]=='answer.ai': + if info.hd == 'answer.ai': return RedirectResponse('/', status_code=303) app = FastHTML()