Skip to content

Document SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS setting #358

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
nijel merged 3 commits into from
Nov 10, 2025
Merged

Document SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS setting #358

nijel merged 3 commits into from
Nov 10, 2025

Conversation

Copy link
Contributor

Copilot AI commented Nov 10, 2025
edited
Loading

The SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS setting exists and works but was undocumented in the Google OAuth2 backend documentation, making it difficult for users to discover how to restrict authentication to specific domains (e.g., G Suite/Google Workspace organizations).

Changes

  • Added reference to domain whitelisting in the Google OAuth2 section of docs/backends/google.rst
  • Links to existing comprehensive whitelists documentation in settings

Usage

Users can now discover from the Google OAuth2 docs that they can restrict authentication by domain:

# In settings.py
SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS = ['mycompany.com']

Screenshot

Google OAuth2 documentation showing whitelisting section

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • docs.python.org
    • Triggering command: /usr/bin/python3 /home/REDACTED/.local/bin/sphinx-build -b html -d _build/doctrees . _build/html (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

This section details on the original issue you should resolve

<issue_title>Documentation for "SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS" </issue_title>
<issue_description>I want to restrict authentication to my app to only my company domain which uses Gsuite ( google apps for my domain/ Google work).[ I saw this post on stackoverflow that suggested using the

SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS=["mycompany.com"] ](https://stackoverflow.com/questions/38566799/limit-google-oauth-access-to-one-domain-using-hd-param-django-python-social)

to restrict auth only to mycompany.com domain.

Although using this in my django app, settings.py it clearly works: I wanted to see how this is implemented and what the caveats on this approach are , but cannot see it mentioned in the documentation.

Can someone point me in the direction of how this is implemented or how better to restrict Google Oauth2 to only my domain.

Thanks
Hari</issue_description>

Comments on the Issue (you are @copilot in this section)

@nijel The implementation is here: https://github.com/python-social-auth/social-core/blob/32d7bcf41dd0f21dc71cf14cb5a7373a7e522e88/social_core/backends/base.py#L148-L159

Help in improving existing documentation is always welcome.</comment_new>

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Copilot AI changed the title [WIP] Add documentation for SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS Document SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS setting Nov 10, 2025
Copilot AI requested a review from nijel November 10, 2025 11:57
@nijel nijel requested a review from Copilot November 10, 2025 12:30
@nijel nijel marked this pull request as ready for review November 10, 2025 12:31
Copilot AI reviewed Nov 10, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds documentation about domain whitelisting for Google OAuth2 authentication, providing guidance for G Suite/Google Workspace organizations that want to restrict authentication to specific domains.

  • Added a note explaining how to use domain whitelisting with a reference to the whitelists settings documentation

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@nijel nijel enabled auto-merge (squash) November 10, 2025 12:32
@nijel nijel merged commit 592a10b into master Nov 10, 2025
6 checks passed
@nijel nijel deleted the copilot/add-documentation-for-whitelisted-domains branch November 10, 2025 12:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@nijel nijel Awaiting requested review from nijel

Assignees

@nijel nijel

Copilot code review Copilot

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Documentation for "SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS"

2 participants

@nijel