How to detect if an email is a Google Account?

B

8

25

Me and some guys here are working on an start up. We are currently using Google OpenID API to manage registration and login to our app, but we want to migrate to a easier user registration model. And for this, we need to know if there is a way we can detect if an email (not gmail) is already a Google Account. Is there a way to get this info from the Google Single Sign-on API?

Previous thanks for your help! :)

Berry answered 24/11, 2010 at 6:0 Comment(3)

This is a total hack for anyone else looking for a solution related to this. If you try to invite a non-Google email address to a Google service that requires a Google account (either personal gmail or business), you may get an error message saying something like "unknown email address" if it's a non-Google address. You can use that to answer the question posed. – Cheyennecheyne 24/1, 2014 at 20:16

Calendly seems to be doing this in production: calendly.com/signup – Bruns 9/2, 2019 at 0:22

I used the "total hack" after puzzling over this for some time. Found this thread after, but wanted to make sure that my solution had been noted, and I see that it has. I'll just add my particular solution - which was to try adding the email as a user with GA permissions via the management API. I immediately then remove the user permission. But if I was able to add it, then it's a valid Google account. – Denunciate 17/2, 2019 at 3:26

G

4

You cannot do that. I don't think Google could tell you that without user consent.

You could, however, see if the domain is a a Google Apps domain by use this as the Discovery URL: https://www.google.com/accounts/o8/site-xrds?hd=mail.moztw.org

Noted that the admin of the domain might not properly installed OpenID support for the domain. My slide have discussed this in detail: http://www.slideshare.net/timdream/google-apps-account-as-openid

Gharry answered 25/11, 2010 at 5:54 Comment(4)

Thanks for the response. Of course it cannot be done, starting from the point that the OpenID protocol doesn't provide any support for user interaction said it all. Indeed we are already using hosted domains detection. Thanks for the advice! :) – Berry 25/11, 2010 at 22:56

I suggest you don't do this. Just because an e-mail address is under a G-Suite domain doesn't necessarily mean that person has a Google account. There are unfortunately G-Suite domains out there where this is not the case, ie. where some of the e-mail addresses are simply forwarders. – Gerah 15/12, 2016 at 13:54

@Gerah Yeah you are right, the answer only tell if the given domain is a GSuite domain, not the e-mail itself. OpenID is deprecated so I would take a grain of sand of the answer myself. – Gharry 22/12, 2016 at 16:0

Hi @FernandoEscher, even i have come across similar problem. Can you help me in achieving the solution. I mean how you are using hosted domains detection to solve the problem. – Steerage 22/11, 2017 at 4:30

C

37

If you're on a Mac, open Terminal and enter $ host {example.com} to determine if their email is hosted by Google.

For example:

$ host yelp.com
yelp.com has address 104.16.57.23
yelp.com has address 104.16.56.23
yelp.com mail is handled by 1 ASPMX.L.GOOGLE.com.
yelp.com mail is handled by 10 ASPMX2.GOOGLEMAIL.com.
yelp.com mail is handled by 10 ASPMX5.GOOGLEMAIL.com.
yelp.com mail is handled by 10 ASPMX3.GOOGLEMAIL.com.
yelp.com mail is handled by 5 ALT2.ASPMX.L.GOOGLE.com.
yelp.com mail is handled by 10 ASPMX4.GOOGLEMAIL.com.
yelp.com mail is handled by 5 ALT1.ASPMX.L.GOOGLE.com.

Chalkstone answered 30/12, 2015 at 7:4 Comment(2)

Simple and sweet! – Wickner 18/2, 2017 at 7:50

Great solution ! – Castaway 3/10, 2018 at 4:22

A

6

This isn't a complete solution, but you can tell if someone is on Google Apps by looking at their domain's MX records. The link in the answer didn't work for me, so that may be a better solution.

Alkalize answered 31/1, 2013 at 13:36 Comment(2)

the link wont work if you open in a browser .. do a curl call and check for the header status – Cancellate 15/5, 2013 at 10:34

in PHP, use getmxrr and match the results against google. Example gist.github.com/samin/f89c0f9b67ae82200e22 – Damron 23/5, 2014 at 19:14

G

5

You can check the Identity Provider with a google api https://dns.google.com/resolve?name=example.com&type=MX

    public static class IdentityProviderChecker
    {
        public static async Task<string?> GetProviderName(string email)
        {
            var domainName = email.Split('@').Last();
            using var client = new HttpClient();

            var result = await client.GetAsyncResult<DnsResponse>($"https://dns.google.com/resolve?name={domainName}&type=MX");
            return result.Answer.Any(x => x.Data.Contains("google.com", StringComparison.OrdinalIgnoreCase) || x.Data.Contains("googlemail.com", StringComparison.OrdinalIgnoreCase))
                ? "Google"
                : result.Answer.Any(x => x.Data.Contains("outlook.com", StringComparison.OrdinalIgnoreCase))
                    ? "Microsoft"
                    : null;
        }
    }

    public class DnsResponse
    {
        public Answer[] Answer { get; set; } = null!;
    }

    public class Answer
    {
        public string Data { get; set; } = null!;
    }

Galop answered 21/12, 2019 at 10:45 Comment(0)

G

4

You cannot do that. I don't think Google could tell you that without user consent.

You could, however, see if the domain is a a Google Apps domain by use this as the Discovery URL: https://www.google.com/accounts/o8/site-xrds?hd=mail.moztw.org

Noted that the admin of the domain might not properly installed OpenID support for the domain. My slide have discussed this in detail: http://www.slideshare.net/timdream/google-apps-account-as-openid

Gharry answered 25/11, 2010 at 5:54 Comment(4)

Thanks for the response. Of course it cannot be done, starting from the point that the OpenID protocol doesn't provide any support for user interaction said it all. Indeed we are already using hosted domains detection. Thanks for the advice! :) – Berry 25/11, 2010 at 22:56

I suggest you don't do this. Just because an e-mail address is under a G-Suite domain doesn't necessarily mean that person has a Google account. There are unfortunately G-Suite domains out there where this is not the case, ie. where some of the e-mail addresses are simply forwarders. – Gerah 15/12, 2016 at 13:54

@Gerah Yeah you are right, the answer only tell if the given domain is a GSuite domain, not the e-mail itself. OpenID is deprecated so I would take a grain of sand of the answer myself. – Gharry 22/12, 2016 at 16:0

Hi @FernandoEscher, even i have come across similar problem. Can you help me in achieving the solution. I mean how you are using hosted domains detection to solve the problem. – Steerage 22/11, 2017 at 4:30

M

3

Note that MX records will not always prove that an email address is able to do google SSO/OAUTH.
For example, gene.com (genentech) uses google for all services, but this is their mx response:

nslookup -type=mx gene.com
Server:     127.0.0.53
Address:    127.0.0.53#53

Non-authoritative answer:
gene.com    mail exchanger = 30 ridesmtaext02.roche.com.
gene.com    mail exchanger = 60 mtaalt4.roche.com.
gene.com    mail exchanger = 30 ridesmtaext01.roche.com.
gene.com    mail exchanger = 40 rkamtaext01.roche.com.
gene.com    mail exchanger = 40 rkamtaext02.roche.com.
gene.com    mail exchanger = 40 rmumtaext02.roche.com.
gene.com    mail exchanger = 30 sc1esmtaext02.gene.com.
gene.com    mail exchanger = 30 sc1esmtaext01.gene.com.
gene.com    mail exchanger = 60 mtaalt2.roche.com.
gene.com    mail exchanger = 60 mtaalt3.roche.com.
gene.com    mail exchanger = 40 rmumtaext01.roche.com.
gene.com    mail exchanger = 60 mtaalt1.roche.com.

Authoritative answers can be found from:

Methodology answered 2/11, 2021 at 16:25 Comment(0)

O

1

I worked out Doug's suggestion and it works. Just make sure that the (effective) user invoking the function has the right to call addViewer. A trick to accomplish this is to make sure the routine is called from a trigger routine, so the owner of the script is the effective user.

function checkIfGoogleAccount(emailAddress) {
  try {
    SpreadsheetApp.getActiveSpreadsheet().addViewer(emailAddress) ;
    SpreadsheetApp.getActiveSpreadsheet().removeViewer(emailAddress) ;
    return true ;
  }
  catch(err) {
    return false ;
  }
}

Odelsting answered 11/2, 2017 at 15:31 Comment(0)

L

0

I do this by having a dummy file, to which I add the email address using the addViewer function. I do this in a try...catch. If an error is caught then I set my local flag to say "not a google account". If no error, I then remove them as a viewer of my dummy file and set my flag to say the email address is a legit google account.

Liverwort answered 21/1, 2014 at 15:1 Comment(0)

P

0

Came looking for a solution to this and wanted to post an update that while Doug/Lexcel's solution works, the .addViewer() command now automatically sends an email (if the account is Google based) notifying the person that they've been given view access to the file. Since this isn't ideal, I re-wrote the function to use the Drive API to silently insert the permission instead.

function checkIfGoogleAccount(email) {
  let ss = SpreadsheetApp.getActiveSpreadsheet() ;
  let fileId = ss.getId() ;
  try {
    Drive.Permissions.insert( // Silent share - doesn't send an email
      {
        'role': 'reader',
        'type': 'user',
        'value': email
      },
      fileId,
      {
        'sendNotificationEmails': 'false'
      }) ;
    ss.removeViewer(email) ;
    return true ;
  } catch (e) {
    return false ;
  }
}

Pelagianism answered 14/9, 2022 at 0:20 Comment(0)

Recommended topics

Hot tags