diff --git a/addons/auth_oauth/controllers/main.py b/addons/auth_oauth/controllers/main.py
index da1b7d53..d2c90798 100644
--- a/addons/auth_oauth/controllers/main.py
+++ b/addons/auth_oauth/controllers/main.py
@@ -131,6 +131,8 @@ class OAuthController(http.Controller):
     def signin(self, **kw):
         state = json.loads(kw['state'])
         dbname = state['d']
+        if not http.db_filter([dbname]):
+            return BadRequest()
         provider = state['p']
         context = state.get('c', {})
         registry = registry_get(dbname)
@@ -180,6 +182,8 @@ class OAuthController(http.Controller):
             dbname = db_monodb()
         if not dbname:
             return BadRequest()
+        if not http.db_filter([dbname]):
+            return BadRequest()
 
         registry = registry_get(dbname)
         with registry.cursor() as cr: