I’d like to use Google’s OAuth2 API to log in to an application based on an e-mail address. Considering users may not know if their me@mydomain.com is hosted by Google, how could I inspect their e-mail address and redirect them to Google Auth via code? For example, on a typical login page you’ve seen the “login with my google account” button, but if the user doesn’t know it’s a Google account I’d still like to use OAuth even if they didn’t click it.
I’ve considered a DNS lookup on the MX record, but I’m not sure if that’s the cleanest/best approach.
i.e. a typical DNS lookup returns:
mydomain.com MX preference = 10, mail exchanger = aspmx.l.google.com
mydomain.com MX preference = 20, mail exchanger = alt1.aspmx.l.google.com
mydomain.com MX preference = 20, mail exchanger = alt2.aspmx.l.google.com
...
An nslookup on MX records would probably be the most practical solution and would be rather simple.
The issue I have with this is that unless your application exclusively requires you to use their Google e-mail, you might be excluding some people. I have an alternate e-mail address set up with my Google account and can use that to log in. Now, I would venture to guess most users would use their Google e-mail account, but you need to be ready for the other case.
My suggestion is to first use an easier, deprecated method, like ClientLogin. You can do a simple post using https://www.google.com/accounts/ClientLogin?Email=who@where.com&Passwd=password
If you get “Error=BadAuthentication”, then the authentication failed. If you get a good authentication, you know this e-mail address is associated with a Google account and then you can use OAuth2 to log them in. The only issue I see with this is if the user enters an incorrect password. I would do some research across all of the Google APIs to see if any of them can tell you about an incorrect password vs. just a failed login, though that might not exist for security purposes.
Anyway, good luck. Keep us updated if you come up with something else.
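The MX-record check discussed in this thread, as an added example that is not part of the original question or answer: it parses nslookup-style lines in the format quoted in the question, matches the mail exchanger on a label boundary, and builds the redirect only as a routing hint. The function names, the suffix list, the client ID placeholder and the callback URL are assumptions; the authorization endpoint and the login_hint parameter are Google's standard OAuth 2.0 ones and do not appear in the thread.

```python
import re
from urllib.parse import urlencode

# Assumption: MX suffixes treated as "mail hosted by Google"; extend as needed.
GOOGLE_MX_SUFFIXES = ("google.com", "googlemail.com")
# Matches nslookup-style lines such as those quoted in the question.
MX_LINE = re.compile(r"^(\S+)\s+MX preference = (\d+), mail exchanger = (\S+)$")

def parse_mx_lines(text):
    """Return (domain, preference, exchanger) tuples from nslookup output."""
    records = []
    for line in text.splitlines():
        m = MX_LINE.match(line.strip())
        if m:
            records.append((m.group(1).lower(), int(m.group(2)),
                            m.group(3).rstrip(".").lower()))
    return records

def is_google_mx(exchanger):
    """Label-boundary suffix match, so 'google.com.example.net' is rejected."""
    host = exchanger.rstrip(".").lower()
    return any(host == s or host.endswith("." + s) for s in GOOGLE_MX_SUFFIXES)

def google_hosted(records):
    """True only if every most-preferred (lowest preference) MX is Google's."""
    if not records:
        return False
    best = min(pref for _, pref, _ in records)
    return all(is_google_mx(ex) for _, pref, ex in records if pref == best)

def login_redirect(email, records, client_id, redirect_uri):
    """Return a Google authorization URL, or None to fall back to local login.
    The MX result only picks the login route; identity must still come from
    the verified token returned by the OAuth2 flow."""
    if not google_hosted(records):
        return None
    params = {"client_id": client_id, "redirect_uri": redirect_uri,
              "response_type": "code", "scope": "openid email",
              "login_hint": email}
    return "https://accounts.google.com/o/oauth2/v2/auth?" + urlencode(params)

# Constructed sample input, in the format shown in the question.
SAMPLE = """mydomain.com MX preference = 10, mail exchanger = aspmx.l.google.com
mydomain.com MX preference = 20, mail exchanger = alt1.aspmx.l.google.com
mydomain.com MX preference = 20, mail exchanger = alt2.aspmx.l.google.com"""

if __name__ == "__main__":
    print(login_redirect("me@mydomain.com", parse_mx_lines(SAMPLE),
                         "CLIENT_ID_PLACEHOLDER", "https://app.example/callback"))
```

A domain whose MX points elsewhere returns None here, which covers the alternate-address case raised in the answer: the user simply gets the normal login page with the Google button still available.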