Restricting user access to the app

Auth.js libraries allow you to restrict users by intercepting the registration/login flow. You can use the signIn callback to control whether a user is allowed to sign up or not.

All callbacks are async functions, so you can also get extra information from a database or external APIs.

Restrict the app to company employees

For example, it is possible to only allow your company’s employees to sign up with their company email addresses.

Add the following code to your Auth.js configuration:

callbacks: {
  signIn({ profile }) {
    return profile.email.endsWith("@yourdomain.com")
  }
}

If the user’s email does not end with @yourdomain.com, the sign-up (in case of a database strategy) process will be blocked, and subsequent login attempts will be rejected as well.

Extending the Session Role-Based Access Control

Restricting user access to the app

Restrict the app to company employees

关于 Auth.js

下载

致谢

友链