如何允许用户在NodeJS PassportJS失败后尝试不同的电子邮件？

Question

Currently I am checking whether or not a user has a certain domain name email address using the following code. Initially, when the google authentication window shows, there is no option for the user to change their email address if they are already logged into Chrome. When I log into similar sites with Google authentication, I seemingly recalled being allowed to add an email address, or something of that nature.

So, say that the user attempts to log on with a non-lsmsa.edu email address and it fails. Currently it displays a nasty error. How would I make it such that the user is allowed to attempt to re-login with a different email address.

if ( profile.emails[0].value.indexOf("lsmsa.edu") > -1 ) {

    var newUser = new User()

    newUser.google.id    = profile.id
    newUser.google.token = token
    newUser.google.name  = profile.displayName
    newUser.google.email = profile.emails[0].value

    newUser.save(function(err) {
        if (err) throw err
        return done(null, newUser)
    })
}
else {
    done(new Error("Invalid Domain. Must use LSMSA email address."))
}

Answer 1

Check out the hd parameter . It makes sure that the user can only sign in with a proper email.

EDIT: This isn't a per-request option. If you want to use it with passport-google-oauth , edit your config to be like this:

passport.use(new GoogleStrategy({
    returnURL: 'http://www.example.com/auth/google/return',
    realm: 'http://www.example.com/',
    // Add this
    hd: 'example.com'
  },
  function(identifier, profile, done) {
    // Blah Blah Blah, Blow up Pluto, Milk Cows, Eat Chocolate, Etc.
  }
));

EDIT: If for some reason you have to have them login again, instead of using hd , just destroy the session ( req.session.destroy(); ), then redirect them to your authentication url (ie. /auth/google ). However, using hd will be a much nicer user experience.