diff --git a/connector/oidc/oidc.go b/connector/oidc/oidc.go
index cd04a374..6bdc95c6 100644
--- a/connector/oidc/oidc.go
+++ b/connector/oidc/oidc.go
@@ -35,7 +35,7 @@ type Config struct {
 // Optional list of whitelisted domains when using Google
 // If this field is nonempty, only users from a listed domain will be allowed to log in
- HostedDomains []string `json:"hostedDomain"`
+ HostedDomains []string `json:"hostedDomains"`
 }
 // Domains that don't support basic auth. golang.org/x/oauth2 has an internal
@@ -198,7 +198,7 @@ func (c *oidcConnector) HandleCallback(s connector.Scopes, r *http.Request) (ide
 if len(c.hostedDomains) > 0 {
 found := false
 for _, domain := range c.hostedDomains {
- if claims.HostedDomain != domain {
+ if claims.HostedDomain == domain {
 found = true
 break
 }
diff --git a/examples/config-dev.yaml b/examples/config-dev.yaml
index feda4b63..542c0cae 100644
--- a/examples/config-dev.yaml
+++ b/examples/config-dev.yaml
@@ -67,7 +67,8 @@ connectors:
 # clientID: $GOOGLE_CLIENT_ID
 # clientSecret: $GOOGLE_CLIENT_SECRET
 # redirectURI: http://127.0.0.1:5556/dex/callback
-# hostedDomain: $GOOGLE_HOSTED_DOMAIN
+# hostedDomains:
+# - $GOOGLE_HOSTED_DOMAIN
 # Let dex keep a list of passwords which can be used to login to dex.
 enablePasswordDB: true
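Review bot: An existing config that still sets `hostedDomain` will presumably decode with `HostedDomains` empty after this tag rename in `Config`, and the `len(c.hostedDomains) > 0` guard in `HandleCallback` then skips the domain check entirely, so the restriction is dropped without any error. Whether the config decoder rejects unknown keys is not visible in this diff. If it does not, either keep the old key as a deprecated alias (a second `[]string` field tagged with the old name, merged into the list when the connector is opened) or fail explicitly when the old key is present. The field comment should also say that an empty list disables the restriction, for example `// An empty list disables the domain check; the key was renamed from "hostedDomain".`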
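Review bot: The corrected comparison `claims.HostedDomain == domain` still matches when both sides are empty, so a blank entry in `c.hostedDomains` would accept any token that carries no hosted-domain claim. Such an entry could arise if an unset `$GOOGLE_HOSTED_DOMAIN` in the example config expands to an empty string, though that expansion is not visible here. Guard the match with `if domain != "" && claims.HostedDomain == domain {`, or reject empty entries when the connector is built from `Config`. Because the inverted condition went unnoticed, the fix should come with a table-driven test of this branch covering a listed domain, an unlisted domain and a missing claim. The handling of `found == false` and the rest of `HandleCallback` lie outside the hunk.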