How to prevent unregistered users login via shield oauth

[warcooft]

Hi @datamweb i try to disable other user which is not register before from login via shield-oauth with add 'allow_register' to app/Config/ShieldOauthConfig.php

 public array $oauthConfigs = [
        'github' => [
            'client_id'     => 'Get it from GitHub',
            'client_secret' => 'Get it from GitHub',

            'allow_login' => false,
        ],
        'google' => [
            'client_id'     => 'secret_id.apps.googleusercontent.com',
            'client_secret' => 'secret_xxx',

            'allow_login' => true,
            'allow_register' => false, 
        ],
        // 'yahoo' => [
        //     'client_id'     => 'Get it from Yahoo',
        //     'client_secret' => 'Get it from Yahoo',

        //     'allow_login' => true,
        // ],
    ];

but it still doesn't work, Thanks.

[warcooft]

Default behavior of Shield-Oauth is that when a user login an unregistered state, Shield-Oauth automatically registers the user, I don't want that to avoid accidental clicks.

can the login and register links be differentiated? as follows:
login: http://localhost:8080/oauth/google
register: http://localhost:8080/oauth-register/google
Thanks

[warcooft]

Thank you @datamweb for quick response.
Please guide me on how to modify this package so that when Shield-Oauth checks credentials I can prevent users whose emails are not registered from logging in or generating new credentials.

[datamweb]

@warcooft So you want to block new user registration by OAuth(google,github and ...). by 'allow_register' => false,.
If the user is a new user, should the message be displayed to the user that it is not possible to register with OAuth service ?

[warcooft]

Yeah, correct.
So far I've created a new controller that extends OAuthController and redirected the callback route to my controller.
I added a little code so that users cannot register from Oauth. as follows:

if ($this->checkExistenceUser($find) === false) {
            return redirect()->to(config('Auth')->logoutRedirect())->with('error', lang('ShieldOAuthLang.Callback.not_registered'));

it works like what I want, but if there is a more dynamic way please let me know.

[datamweb]

Right, this is something other users might need too. I don't want to make promises, but I might make some code changes in my free time to have this feature by default.
If I make a change, I will tag you.

[warcooft]

Thank you so much @datamweb

[datamweb]

This feature was added, use the latest version and make sure your config file is up to date.