How to detect if an email is a Google Account?

Question

Me and some guys here are working on an start up. We are currently using Google OpenID API to manage registration and login to our app, but we want to migrate to a easier user r

Answer 1

I do this by having a dummy file, to which I add the email address using the addViewer function. I do this in a try...catch. If an error is caught then I set my local flag to say "not a google account". If no error, I then remove them as a viewer of my dummy file and set my flag to say the email address is a legit google account.

Answer 2

If you're on a Mac, open Terminal and enter $ host {example.com} to determine if their email is hosted by Google.

For example:

$ host yelp.com
yelp.com has address 104.16.57.23
yelp.com has address 104.16.56.23
yelp.com mail is handled by 1 ASPMX.L.GOOGLE.com.
yelp.com mail is handled by 10 ASPMX2.GOOGLEMAIL.com.
yelp.com mail is handled by 10 ASPMX5.GOOGLEMAIL.com.
yelp.com mail is handled by 10 ASPMX3.GOOGLEMAIL.com.
yelp.com mail is handled by 5 ALT2.ASPMX.L.GOOGLE.com.
yelp.com mail is handled by 10 ASPMX4.GOOGLEMAIL.com.
yelp.com mail is handled by 5 ALT1.ASPMX.L.GOOGLE.com.

Answer 3

I worked out Doug's suggestion and it works. Just make sure that the (effective) user invoking the function has the right to call addViewer. A trick to accomplish this is to make sure the routine is called from a trigger routine, so the owner of the script is the effective user.

function checkIfGoogleAccount(emailAddress) {
  try {
    SpreadsheetApp.getActiveSpreadsheet().addViewer(emailAddress) ;
    SpreadsheetApp.getActiveSpreadsheet().removeViewer(emailAddress) ;
    return true ;
  }
  catch(err) {
    return false ;
  }
}

Answer 4

You cannot do that. I don't think Google could tell you that without user consent.

You could, however, see if the domain is a a Google Apps domain by use this as the Discovery URL: https://www.google.com/accounts/o8/site-xrds?hd=mail.moztw.org

Noted that the admin of the domain might not properly installed OpenID support for the domain. My slide have discussed this in detail: http://www.slideshare.net/timdream/google-apps-account-as-openid

Answer 5

You can check the Identity Provider with a google api https://dns.google.com/resolve?name=example.com&type=MX

    public static class IdentityProviderChecker
    {
        public static async Task<string?> GetProviderName(string email)
        {
            var domainName = email.Split('@').Last();
            using var client = new HttpClient();

            var result = await client.GetAsyncResult<DnsResponse>($"https://dns.google.com/resolve?name={domainName}&type=MX");
            return result.Answer.Any(x => x.Data.Contains("google.com", StringComparison.OrdinalIgnoreCase) || x.Data.Contains("googlemail.com", StringComparison.OrdinalIgnoreCase))
                ? "Google"
                : result.Answer.Any(x => x.Data.Contains("outlook.com", StringComparison.OrdinalIgnoreCase))
                    ? "Microsoft"
                    : null;
        }
    }

    public class DnsResponse
    {
        public Answer[] Answer { get; set; } = null!;
    }

    public class Answer
    {
        public string Data { get; set; } = null!;
    }

Answer 6

This isn't a complete solution, but you can tell if someone is on Google Apps by looking at their domain's MX records. The link in the answer didn't work for me, so that may be a better solution.