How to detect if an email is a Google Account?_问答_开发者

Me and some guys here are working on an start up. We are currently using Google OpenID API to manage registration and login to our app, but we want to migrate to a easier user registration model. And for this, we need to know if there is a way we can detect if an email (not gmail) is already a Google Account. Is there a way to get this info from the Google Single开发者_运维问答 Sign-on API?

Previous thanks for your help! :)

If you're on a Mac, open Terminal and enter $ host {example.com} to determine if their email is hosted by Google.

For example:

$ host yelp.com
yelp.com has address 104.16.57.23
yelp.com has address 104.16.56.23
yelp.com mail is handled by 1 ASPMX.L.GOOGLE.com.
yelp.com mail is handled by 10 ASPMX2.GOOGLEMAIL.com.
yelp.com mail is handled by 10 ASPMX5.GOOGLEMAIL.com.
yelp.com mail is handled by 10 ASPMX3.GOOGLEMAIL.com.
yelp.com mail is handled by 5 ALT2.ASPMX.L.GOOGLE.com.
yelp.com mail is handled by 10 ASPMX4.GOOGLEMAIL.com.
yelp.com mail is handled by 5 ALT1.ASPMX.L.GOOGLE.com.

This isn't a complete solution, but you can tell if someone is on Google Apps by looking at their domain's MX records. The link in the answer didn't work for me, so that may be a better solution.

You cannot do that. I don't think Google could tell you that without user consent.

You could, however, see if the domain is a a Google Apps domain by use this as the Discovery URL: https://www.google.com/accounts/o8/site-xrds?hd=mail.moztw.org

Noted that the admin of the domain might not properly installed OpenID support for the domain. My slide have discussed this in detail: http://www.slideshare.net/timdream/google-apps-account-as-openid

You can check the Identity Provider with a google api https://dns.google.com/resolve?name=example.com&type=MX

    public static class IdentityProviderChecker
    {
        public static async Task<string?> GetProviderName(string email)
        {
            var domainName = email.Split('@').Last();
            using var client = new HttpClient();

            var result = await client.GetAsyncResult<DnsResponse>($"https://dns.google.com/resolve?name={domainName}&type=MX");
            return result.Answer.Any(x => x.Data.Contains("google.com", StringComparison.OrdinalIgnoreCase) || x.Data.Contains("googlemail.com", StringComparison.OrdinalIgnoreCase))
                ? "Google"
                : result.Answer.Any(x => x.Data.Contains("outlook.com", StringComparison.OrdinalIgnoreCase))
                    ? "Microsoft"
                    : null;
        }
    }

    public class DnsResponse
    {
        public Answer[] Answer { get; set; } = null!;
    }

    public class Answer
    {
        public string Data { get; set; } = null!;
    }

Note that MX records will not always prove that an email address is able to do google SSO/OAUTH.
For example, gene.com (genentech) uses google for all services, but this is their mx response:

nslookup -type=mx gene.com
Server:     127.0.0.53
Address:    127.0.0.53#53

Non-authoritative answer:
gene.com    mail exchanger = 30 ridesmtaext02.roche.com.
gene.com    mail exchanger = 60 mtaalt4.roche.com.
gene.com    mail exchanger = 30 ridesmtaext01.roche.com.
gene.com    mail exchanger = 40 rkamtaext01.roche.com.
gene.com    mail exchanger = 40 rkamtaext02.roche.com.
gene.com    mail exchanger = 40 rmumtaext02.roche.com.
gene.com    mail exchanger = 30 sc1esmtaext02.gene.com.
gene.com    mail exchanger = 30 sc1esmtaext01.gene.com.
gene.com    mail exchanger = 60 mtaalt2.roche.com.
gene.com    mail exchanger = 60 mtaalt3.roche.com.
gene.com    mail exchanger = 40 rmumtaext01.roche.com.
gene.com    mail exchanger = 60 mtaalt1.roche.com.

Authoritative answers can be found from:

I worked out Doug's suggestion and it works. Just make sure that the (effective) user invoking the function has the right to call addViewer. A trick to accomplish this is to make sure the routine is called from a trigger routine, so the owner of the script is the effective user.

function checkIfGoogleAccount(emailAddress) {
  try {
    SpreadsheetApp.getActiveSpreadsheet().addViewer(emailAddress) ;
    SpreadsheetApp.getActiveSpreadsheet().removeViewer(emailAddress) ;
    return true ;
  }
  catch(err) {
    return false ;
  }
}

I do this by having a dummy file, to which I add the email address using the addViewer function. I do this in a try...catch. If an error is caught then I set my local flag to say "not a google account". If no error, I then remove them as a viewer of my dummy file and set my flag to say the email address is a legit google account.

Came looking for a solution to this and wanted to post an update that while Doug/Lexcel's solution works, the .addViewer() command now automatically sends an email (if the account is Google based) notifying the person that they've been given view access to the file. Since this isn't ideal, I re-wrote the function to use the Drive API to silently insert the permission instead.

function checkIfGoogleAccount(email) {
  let ss = SpreadsheetApp.getActiveSpreadsheet() ;
  let fileId = ss.getId() ;
  try {
    Drive.Permissions.insert( // Silent share - doesn't send an email
      {
        'role': 'reader',
        'type': 'user',
        'value': email
      },
      fileId,
      {
        'sendNotificationEmails': 'false'
      }) ;
    ss.removeViewer(email) ;
    return true ;
  } catch (e) {
    return false ;
  }
}