Validate a user during the auth step
I'm working on a personal app (i.e. nobody else should use it but me), and the easiest way I could think of to launch it is to deploy it online (e.g. Vercel) and use auth to prevent anyone but me from using it.
I added Convex Auth to the app code yesterday, configured to use GitHub, and that part works fine. Once the auth phase is complete, I can look at the user details, see whether or not it's me, and just not render anything if it's some other GitHub user. However, is there a way to restrict any other GitHub user from even completing the auth phase? For example, GitHub verifies that someone has a GitHub account, but compares that against a list that I provide to only allow select users (e.g. me) to complete the rest of the auth.
I'm likely going to face a similar challenge in the future when adding auth to an app that I'll be creating for work. It should only be usable by company employees, and the company emails are all run through a Google workspace, so I was thinking of using Google auth to verify our users and only allow those with emails from our workspace/domain to access the app. However, I have a similar question about a mid-phase verification. For example, the Google auth page loads and a user picks their Google account that they'd like to use to log in. What I'd ideally like to do is prevent the password entry from even appearing if their email isn't on our domain.
Is something like that even possible, whether it's with Convex Auth or some other provider like Clerk?
I added Convex Auth to the app code yesterday, configured to use GitHub, and that part works fine. Once the auth phase is complete, I can look at the user details, see whether or not it's me, and just not render anything if it's some other GitHub user. However, is there a way to restrict any other GitHub user from even completing the auth phase? For example, GitHub verifies that someone has a GitHub account, but compares that against a list that I provide to only allow select users (e.g. me) to complete the rest of the auth.
I'm likely going to face a similar challenge in the future when adding auth to an app that I'll be creating for work. It should only be usable by company employees, and the company emails are all run through a Google workspace, so I was thinking of using Google auth to verify our users and only allow those with emails from our workspace/domain to access the app. However, I have a similar question about a mid-phase verification. For example, the Google auth page loads and a user picks their Google account that they'd like to use to log in. What I'd ideally like to do is prevent the password entry from even appearing if their email isn't on our domain.
Is something like that even possible, whether it's with Convex Auth or some other provider like Clerk?
