How to know if a google account is under a google apps domain?

8
votes

I am working on an app that allows user to share their Drive files to friends. But there is a problem of Google App Account, like [email protected], of which files cannot be shared with people who are not under that domain. Although the share policy can be changed by admin of somedomain.com, but I prefer not allowing people use my app with Google Apps Account.

I also check this post: How to determine if the account is a Google apps account?. But I don't agree with the idea of checking domain to detect account type. Because people can register Google Account with any email address. I just registered one with my Hotmail, [email protected], which has no domain restriction when sharing a file.

Can anyone help with this? Thanks!

3
google-drive-apigoogle-docs
I have my own domain and use it as Google Apps domain just for using Gmail as mail provider. I am using my Apps mail address as my private account, just like others use the @gmail.com account. And I know quite a few people doing essentially the same. May I ask you to reconsider your idea and treat us Apps users just like regular users? - HelmuthB
@HelmuthB, thanks for your feedback. I do agree that some people using Google accounts as their private account. But, is it weird that when you share a photo with your friend, he have to be in the same domain to see that public photo? I will reconsider it, and try to find a workaround. - xiaowl

3 Answers

13
votes

Assuming you included:

https://www.googleapis.com/auth/userinfo.email

in your OAuth scopes, you can make a request to:

https://www.googleapis.com/oauth2/v2/userinfo

If it's a Google Apps account, an "hd" parameter (Hosted Domain?) will be returned by the call with the Google Apps domain as it's value. If it's a consumer account, whether it's @gmail.com or even a potential "conflicting account", the hd parameter will not be returned. See my example below. [email protected] is a Google Apps Account while [email protected] is a consumer account. If I created a consumer user in the Google Apps domain it wouuld become a conflicting account and the consumer account would be pushed out of the @jay.powerposters.org namespace but that hasn't happened yet.

For [email protected]:

GET https://www.googleapis.com/oauth2/v2/userinfo

HTTP/1.1 200 OK
Content-length: 99
X-xss-protection: 1; mode=block
...

{
 "email": "[email protected]",
 "verified_email": true,
 "hd": "jay.powerposters.org"
}

For [email protected]:

GET https://www.googleapis.com/oauth2/v2/userinfo

HTTP/1.1 200 OK
Content-length: 71
X-xss-protection: 1; mode=block

{
 "email": "[email protected]",
 "verified_email": true
}
1
votes

I don't think there is a good way to check if an account is a Google Apps account. The only way I'm thinking of is to check the Domain's DNS MX records and see if some service of the domain are served by Google Apps servers (like email served from gmail etc...) but even there you might have to check more than one service because some Google Apps companies deactivate Gmail for instance (or some other service) to use a custom solution instead.

If I were you I would not disable the service to Google Apps accounts (how unfair!! :)) many people bought Google Apps account to have a nice looking email domain and their account behave just like any other Google Accounts...

I would simply try to set the ACL of the fils to public when you need to and if this does not work display them with a nice error message warning them about their Admin having disabled public sharing... It's not going to be lots of users anyways and it would be too bad to have your app not available to others "normal" Google Apps accounts.

-2
votes

Or check the domain using a service like BrowserSpy. If the MX records appear correct, then it's using Google Apps.