diff options
| author | Niall Sheridan <nsheridan@gmail.com> | 2016-06-14 21:29:48 +0100 |
|---|---|---|
| committer | Niall Sheridan <nsheridan@gmail.com> | 2016-06-14 22:42:37 +0100 |
| commit | cd138ddf742d124aea3d1e7f155735576459be67 (patch) | |
| tree | cc55353786fcbe1424abd18382f32ab63e3473a2 /README.md | |
| parent | 77c2a94644dd7ec9c3ae8c995c32f2ad8d90a7b1 (diff) | |
Update whitelisting
Whitelist Google users based on their email address instead of the username part of the email address.
Plain gmail (non Google Apps) accounts don't necessarily end in '@gmail.com', and whitelisting on username alone is open to abuse.
Skip testing for a Google Apps domain (ui.Hd) if no domain is configured.
Principals will still be added as the user part of the email address.
For the Github provider, skip checking that the user is a member of an organization is none is configured.
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -86,7 +86,7 @@ Configuration is divided into different sections: `server`, `auth`, `ssh`, and ` - `oauth_client_secret` : string. Oauth secret. - `oauth_callback_url` : string. URL that the Oauth provider will redirect to after user authorisation. The path is hardcoded to `"/auth/callback"` in the source. - `provider_opts` : object. Additional options for the provider. -- `users_whitelist` : array of strings. Optional list of whitelisted usernames. If missing, all users of your current domain/organization are allowed to authenticate against cashierd. +- `users_whitelist` : array of strings. Optional list of whitelisted usernames. If missing, all users of your current domain/organization are allowed to authenticate against cashierd. For Google auth a user is an email address. For GitHub auth a user is a GitHub username. #### Provider-specific options |