From 5e0bf8b65f53bea71c1ef775d5a849a53ed845b7 Mon Sep 17 00:00:00 2001
From: rithu john <rithujohn191@gmail.com>
Date: Fri, 21 Jul 2017 15:48:21 -0700
Subject: [PATCH] connector/oidc: fix hosted domain support.

---
 connector/oidc/oidc.go   | 4 ++--
 examples/config-dev.yaml | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/connector/oidc/oidc.go b/connector/oidc/oidc.go
index cd04a374..6bdc95c6 100644
--- a/connector/oidc/oidc.go
+++ b/connector/oidc/oidc.go
@@ -35,7 +35,7 @@ type Config struct {
 
 	// Optional list of whitelisted domains when using Google
 	// If this field is nonempty, only users from a listed domain will be allowed to log in
-	HostedDomains []string `json:"hostedDomain"`
+	HostedDomains []string `json:"hostedDomains"`
 }
 
 // Domains that don't support basic auth. golang.org/x/oauth2 has an internal
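Review bot: Renaming the JSON key to `hostedDomains` means a config that still sets `hostedDomain` will decode to an empty `HostedDomains`, and because the callback check in the second hunk only runs when `len(c.hostedDomains) > 0`, the domain restriction would then be skipped silently instead of failing. This assumes the config decoder ignores unknown keys, which is not visible here. I would either reject the old key when the connector is opened or call the rename out in the upgrade notes, and add a field comment such as `// JSON key was "hostedDomain" before this change; the old key is not read.` The `Config` struct begins outside this hunk.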
@@ -198,7 +198,7 @@ func (c *oidcConnector) HandleCallback(s connector.Scopes, r *http.Request) (ide
 	if len(c.hostedDomains) > 0 {
 		found := false
 		for _, domain := range c.hostedDomains {
-			if claims.HostedDomain != domain {
+			if claims.HostedDomain == domain {
 				found = true
 				break
 			}
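Review bot: With the comparison now `claims.HostedDomain == domain`, an empty entry in `c.hostedDomains` would match any ID token that carries no `hd` claim, since `claims.HostedDomain` is presumably the zero string in that case. The example config in this commit lists `- $GOOGLE_HOSTED_DOMAIN`, so an unset variable could plausibly produce such an entry. Guarding the match with `if domain != "" && claims.HostedDomain == domain {`, or dropping empty entries when the connector is built, closes that gap. A test with one allowed and one disallowed domain would also pin the condition that was inverted before this fix. HandleCallback's body starts and ends outside the hunk.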
diff --git a/examples/config-dev.yaml b/examples/config-dev.yaml
index feda4b63..542c0cae 100644
--- a/examples/config-dev.yaml
+++ b/examples/config-dev.yaml
@@ -67,7 +67,8 @@ connectors:
 #     clientID: $GOOGLE_CLIENT_ID
 #     clientSecret: $GOOGLE_CLIENT_SECRET
 #     redirectURI: http://127.0.0.1:5556/dex/callback
-#     hostedDomain: $GOOGLE_HOSTED_DOMAIN
+#     hostedDomains:
+#     - $GOOGLE_HOSTED_DOMAIN
 
 # Let dex keep a list of passwords which can be used to login to dex.
 enablePasswordDB: true
-- 
GitLab