
How to know if a Google account is under a Google Apps domain?

I am working on an app that allows users to share their Drive files with friends. But there is a problem with Google Apps accounts, like [email protected], whose files cannot be shared with people who are not under that domain. Although the sharing policy can be changed by the admin of somedomain.com, I prefer not to allow people to use my app with a Google Apps account.

I also checked this post: How to determine if the account is a Google apps account?. But I don't agree with the idea of checking the domain to detect the account type, because people can register a Google Account with any email address. I just registered one with my Hotmail, [email protected], which has no domain restriction when sharing a file.

Can anyone help with this? Thanks!

asked Jul 17 '12 07:07

xiaowl


1 Answer

Assuming you included:

https://www.googleapis.com/auth/userinfo.email

in your OAuth scopes, you can make a request to:

https://www.googleapis.com/oauth2/v2/userinfo

If it's a Google Apps account, an "hd" parameter (Hosted Domain?) will be returned by the call with the Google Apps domain as its value. If it's a consumer account, whether it's @gmail.com or even a potential "conflicting account", the hd parameter will not be returned. See my example below. [email protected] is a Google Apps Account while [email protected] is a consumer account. If I created a consumer user in the Google Apps domain, it would become a conflicting account and the consumer account would be pushed out of the @jay.powerposters.org namespace, but that hasn't happened yet.

For [email protected]:

GET https://www.googleapis.com/oauth2/v2/userinfo

HTTP/1.1 200 OK
Content-length: 99
X-xss-protection: 1; mode=block
...

{
 "email": "[email protected]",
 "verified_email": true,
 "hd": "jay.powerposters.org"
}

For [email protected]:

GET https://www.googleapis.com/oauth2/v2/userinfo

HTTP/1.1 200 OK
Content-length: 71
X-xss-protection: 1; mode=block

{
 "email": "[email protected]",
 "verified_email": true
}
answered Sep 22 '22 05:09

Jay Lee
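
The check described in the answer above, as an added example that is not part of the original answer: it classifies a userinfo response by the presence of "hd" rather than by the email domain, and applies the question's policy of admitting only consumer accounts. The function names, the fail-closed handling of unverified or malformed responses, and the sample responses (constructed, with placeholder domains) are assumptions.

```python
import json
import urllib.request

USERINFO_URL = "https://www.googleapis.com/oauth2/v2/userinfo"  # endpoint from the answer


def fetch_userinfo(access_token):
    """Call the userinfo endpoint with an OAuth 2.0 bearer token (needs network)."""
    req = urllib.request.Request(
        USERINFO_URL, headers={"Authorization": f"Bearer {access_token}"}
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def classify_account(userinfo_json):
    """Return ("hosted", domain) or ("consumer", None); raise ValueError otherwise."""
    try:
        info = json.loads(userinfo_json)
    except json.JSONDecodeError as exc:
        raise ValueError("userinfo response is not valid JSON") from exc
    if not isinstance(info, dict) or not isinstance(info.get("email"), str):
        raise ValueError("userinfo response has no email field")
    # Assumed policy: fail closed when the address is not verified.
    if info.get("verified_email") is not True:
        raise ValueError("email address is not verified")
    hd = info.get("hd")
    if hd is None:
        return ("consumer", None)  # no hd: consumer account, whatever the email domain
    if not isinstance(hd, str) or not hd.strip():
        raise ValueError("malformed hd field")
    return ("hosted", hd.strip().lower())


def may_use_app(userinfo_json):
    """Policy from the question: only consumer accounts may use the app."""
    try:
        kind, _ = classify_account(userinfo_json)
    except ValueError:
        return False
    return kind == "consumer"


# Constructed sample responses; example.org / example.com are placeholders.
HOSTED = '{"email": "user@apps.example.org", "verified_email": true, "hd": "apps.example.org"}'
CONSUMER = '{"email": "user@example.com", "verified_email": true}'

if __name__ == "__main__":
    for label, body in (("hosted", HOSTED), ("consumer", CONSUMER)):
        print(label, classify_account(body), "allowed:", may_use_app(body))
```

Run the check on the server with a response it fetched itself using the user's access token, not on a value supplied by the client.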