OAuth2 - How to allow only users from Google App which has many domains to sign in


I have a custom JS web app with Google OAuth2 sign-in. I know I can restrict sign in for a specific domain by the hosted_domain param in the gapi.auth2.init() method.

But in our Google App we use many domains (company.com - primary domain in GoogleApps, company.co.uk, ...).

When I set hosted_domain to be company.com and tried to login with [email protected] mail I get rejected with error object from googleAuth.signIn()

{
     accountDomain: 'company.co.uk',
     expectedDomain: 'company.com',
     reason: 'Account domain does not match hosted_domain specified by gapi.auth2.init.',
     type: 'tokenFailed',
}

Is there an option to set multiple hosted domains for sign-in or I have to implement a custom validator?