How to know if a google account is under a google

Posted 2019-02-21 16:43

Question:

I am working on an app that allows users to share their Drive files with friends. But there is a problem with Google Apps accounts, like someone@somedomain.com, whose files cannot be shared with people who are not under that domain. Although the share policy can be changed by the admin of somedomain.com, I prefer not to allow people to use my app with a Google Apps account.

I also checked this post: How to determine if the account is a Google apps account?. But I don't agree with the idea of checking the domain to detect the account type, because people can register a Google Account with any email address. I just registered one with my Hotmail, someone@hotmail.com, which has no domain restriction when sharing a file.

Can anyone help with this? Thanks!

Answer 1:

Assuming you included:

https://www.googleapis.com/auth/userinfo.email

in your OAuth scopes, you can make a request to:

https://www.googleapis.com/oauth2/v2/userinfo

If it's a Google Apps account, an "hd" parameter (Hosted Domain?) will be returned by the call with the Google Apps domain as its value. If it's a consumer account, whether it's @gmail.com or even a potential "conflicting account", the hd parameter will not be returned. See my example below. admin@jay.powerposters.org is a Google Apps account while consumer@jay.powerposters.org is a consumer account. If I created a consumer user in the Google Apps domain, it would become a conflicting account and the consumer account would be pushed out of the @jay.powerposters.org namespace, but that hasn't happened yet.

For admin@jay.powerposters.org:

GET https://www.googleapis.com/oauth2/v2/userinfo

HTTP/1.1 200 OK
Content-length: 99
X-xss-protection: 1; mode=block
...

{
 "email": "admin@jay.powerposters.org",
 "verified_email": true,
 "hd": "jay.powerposters.org"
}

For consumer@jay.powerposters.org:

GET https://www.googleapis.com/oauth2/v2/userinfo

HTTP/1.1 200 OK
Content-length: 71
X-xss-protection: 1; mode=block

{
 "email": "consumer@jay.powerposters.org",
 "verified_email": true
}
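
Added example, not part of the original answer: a server-side check that classifies a userinfo response body by the presence of "hd", as the answer above describes. The function names, the sample bodies, and the policy of rejecting unverified or malformed responses are assumptions of this example.

```python
import json
import urllib.request

USERINFO_URL = "https://www.googleapis.com/oauth2/v2/userinfo"  # endpoint from the answer


def fetch_userinfo(access_token):
    """Fetch the userinfo body server-side with the user's OAuth access token."""
    req = urllib.request.Request(
        USERINFO_URL, headers={"Authorization": "Bearer " + access_token}
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def classify_account(userinfo_body):
    """Return ("hosted", domain), ("consumer", None) or ("reject", reason)."""
    try:
        info = json.loads(userinfo_body)
    except ValueError:
        return ("reject", "body is not JSON")
    if not isinstance(info, dict) or not isinstance(info.get("email"), str):
        return ("reject", "no email in response")
    if info.get("verified_email") is not True:
        # Assumed policy for this example: do not classify unverified addresses.
        return ("reject", "email not verified")
    hd = info.get("hd")
    if hd is None:
        # No hd: consumer account, even when the address is on a custom domain.
        return ("consumer", None)
    if not isinstance(hd, str) or not hd.strip():
        return ("reject", "malformed hd value")
    return ("hosted", hd.strip().lower())


# Constructed sample bodies, shaped like the two responses in the answer.
SAMPLES = {
    "apps": '{"email": "admin@jay.powerposters.org", "verified_email": true, "hd": "jay.powerposters.org"}',
    "consumer": '{"email": "consumer@jay.powerposters.org", "verified_email": true}',
    "unverified": '{"email": "x@example.com", "verified_email": false}',
    "empty_hd": '{"email": "x@example.com", "verified_email": true, "hd": ""}',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, classify_account(body))
```

The classification should run on a body the server fetched itself with the user's token, not on an "hd" or email value sent by the client.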


Answer 2:

I don't think there is a good way to check if an account is a Google Apps account. The only way I'm thinking of is to check the domain's DNS MX records and see if some services of the domain are served by Google Apps servers (like email served from Gmail etc...), but even there you might have to check more than one service because some Google Apps companies deactivate Gmail, for instance (or some other service), to use a custom solution instead.

If I were you I would not disable the service for Google Apps accounts (how unfair!! :)). Many people bought Google Apps accounts to have a nice-looking email domain, and their accounts behave just like any other Google Account...

I would simply try to set the ACL of the files to public when you need to, and if this does not work, display a nice error message warning them about their admin having disabled public sharing... It's not going to be lots of users anyway, and it would be too bad to have your app not available to other "normal" Google Apps accounts.



Answer 3:

Or check the domain using a service like BrowserSpy. If the MX records appear correct, then it's using Google Apps.