Documentation for "SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS"

[harijay]

I want to restrict authentication to my app to only my company domain which uses Gsuite ( google apps for my domain/ Google work).[ I saw this post on stackoverflow that suggested using the

SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS=["mycompany.com"] ](https://stackoverflow.com/questions/38566799/limit-google-oauth-access-to-one-domain-using-hd-param-django-python-social)

to restrict auth only to mycompany.com domain.

Although using this in my django app, settings.py it clearly works: I wanted to see how this is implemented and what the caveats on this approach are , but cannot see it mentioned in the documentation.

Can someone point me in the direction of how this is implemented or how better to restrict Google Oauth2 to only my domain.

Thanks Hari

[cmelone]

https://python-social-auth.readthedocs.io/en/latest/configuration/settings.html#whitelists

[nijel]

The implementation is here: https://github.com/python-social-auth/social-core/blob/32d7bcf41dd0f21dc71cf14cb5a7373a7e522e88/social_core/backends/base.py#L148-L159

Help in improving existing documentation is always welcome.