Ability to allow only specific domain(s)

[jawabuu]

Hey @max-wittig @ercanucan
Is there capability to only allow access for users with specific domains?
How would one configure this?
This should be useful for example Public Gitlab provider and you would only want users from @dom.a.in to login.
I see from the initial commit that this was removed

        if domain in DOMAIN_BLOCKLIST:
            return helper.error(ERR_INVALID_DOMAIN % (domain,))

        if self.domains and domain not in self.domains:
            return helper.error(ERR_INVALID_DOMAIN % (domain,))

[max-wittig]

We removed this, because sentry removed it. We're trying to follow the sentry-google-auth plugin as closely as possible to avoid additional work and until now nobody requested this feature.

I'm not sure, if we should diverge from this philosophy. WDYT? @bufferoverflow

[jawabuu]

@max-wittig The original https://github.com/getsentry/sentry-auth-google has been deprecated and moved into sentry.
The logic to filter by domain is still there

https://github.com/getsentry/sentry/blob/6acdaddc8932d44ea85c57ad533f5062d9eeb479/src/sentry/auth/providers/google/views.py#L56-L57

[jawabuu]

@max-wittig It's actually still present in both.
https://github.com/getsentry/sentry-auth-google/blob/c8f6875fba5f9c22b09600f86407409f333aaacc/sentry_auth_google/views.py#L59-L60

When was it removed?

[max-wittig]

Mhmm interesting. Then I guess, we may have deleted it by accident.

@jawabuu I would be happy to review any MR regarding this then.

[jawabuu]

@max-wittig Thanks.
Do you by any chance have any sentry docker images containing sentry-auth-oidc. If not would you be willing to publish?

[jawabuu]

@max-wittig @ercanucan
Drawing from these

1. Allowing multiple domains for google SSO
   Support multiple domains on the backend getsentry/sentry-auth-google#13

2. Configuring the domains for SSO
   SSO with multiple domains getsentry/self-hosted#2894

I have created this simple PR