I managed to get it working via auth.js for a custom web app. Also made a PR so that mailcow is officially an auth.js provider: nextauthjs/next-auth#11462
You can then use a callback in your Auth handle to limit domains, users, even do full-fledged ACL. e.g.:
    callbacks: {
      async signIn({ profile }) {
        // Only allow sign in for users with email addresses ending with "@yourdomain.com".
        // "?? false" makes a profile without an email return an explicit false (deny).
        return profile?.email?.endsWith("@yourdomain.com") ?? false
      }
    },
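A fuller version of the domain/user/ACL idea from the post above, as an added example that is not part of the original post or of Auth.js itself. The `policy` object, `parseEmail` and `isAllowed` are hypothetical names, the addresses are constructed sample values, and it assumes the provider's profile carries an `email` field.

```javascript
// Added example: allow/deny policy behind an Auth.js signIn callback.
// All names and addresses here are hypothetical, constructed for illustration.
const policy = {
  allowedDomains: new Set(["yourdomain.com"]),      // whole domains that may sign in
  allowedUsers: new Set(["partner@example.org"]),   // single addresses outside those domains
  deniedUsers: new Set(["noreply@yourdomain.com"]), // explicit denials win over any allow rule
};

// Normalise an address and split off its domain; returns null when malformed.
function parseEmail(email) {
  if (typeof email !== "string") return null;
  const value = email.trim().toLowerCase();
  const at = value.indexOf("@");
  // Require exactly one "@", with text on both sides and no whitespace.
  if (at <= 0 || at !== value.lastIndexOf("@") || at === value.length - 1) return null;
  if (/\s/.test(value)) return null;
  return { address: value, domain: value.slice(at + 1) };
}

// Deny by default: a missing or malformed email never passes.
function isAllowed(email, acl = policy) {
  const parsed = parseEmail(email);
  if (!parsed) return false;
  if (acl.deniedUsers.has(parsed.address)) return false;
  if (acl.allowedUsers.has(parsed.address)) return true;
  // Exact domain match, so "yourdomain.com.evil.example" and
  // "notyourdomain.com" are both rejected.
  return acl.allowedDomains.has(parsed.domain);
}

// Shape expected by the Auth.js config: returning false rejects the sign-in.
const callbacks = {
  async signIn({ profile }) {
    return isAllowed(profile?.email);
  },
};
```

Comparing the parsed domain exactly, rather than testing a suffix of the raw string, keeps the check correct if the leading "@" is ever dropped from the pattern or the address arrives in mixed case.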