DiscourseConnect Single Sign On email & last payload cached across users

dscat · October 14, 2021, 5:50pm

DiscourseConnect Single Sign On information cached across users

Tested on version 2.7.8 on Chrome.

In order to reproduce you need to have at least 2 users signed up/logged in via sso.

Go to admin
click on “users”
click on <user 1>
scroll down to the “DiscourseConnect Single Sign On” section
click on “show” to view the email passed during the sso process
click on “show” for the “last payload” information.
Now scroll up
click on “users”
click on <user 2>
scroll down to the “DiscourseConnect Single Sign On” section
Observe that both email and last payload sections are already expanded with information from user 1.

Reload the page, the 2 sections are now back to be hidden and showing the “show” buttons

techAPJ · October 20, 2021, 12:07pm

Fixed via:

Thanks for bringing this in our notice @dscat

Topic		Replies	Views
SSO login appears to have stopped working Bug	11	1405	January 24, 2022
GET DiscourseConnect Single Sign On record via APIs SSO rest-api	3	464	February 21, 2024
Login to Discourse with website account details SSO	2	1609	May 29, 2018
Setup DiscourseConnect - Official Single-Sign-On for Discourse (sso) Integrations sso , discourseconnect , configuring , how-to	7	436656	September 12, 2024
Create a DiscourseConnect login link Integrations sso , discourseconnect , how-to	6	5037	September 25, 2024