Restrict user domain via OAuth2 authentication

We have a customer who would like to restrict authentication to users whose email addresses have a specific domain (eg. only users with emails ending in "@some-company.com" can log in). Is there a way to do this via OAuth2 without first logging in, _then_ fetching and validating the user's email address?