DiscourseConnect Single Sign On email & last payload cached across users

DiscourseConnect Single Sign On information cached across users

Tested on version 2.7.8 on Chrome.

In order to reproduce you need to have at least 2 users signed up/logged in via sso.

  • Go to admin

  • click on “users”

  • click on <user 1>

  • scroll down to the “DiscourseConnect Single Sign On” section

  • click on “show” to view the email passed during the sso process

  • click on “show” for the “last payload” information.

  • Now scroll up

  • click on “users”

  • click on <user 2>

  • scroll down to the “DiscourseConnect Single Sign On” section

  • Observe that both email and last payload sections are already expanded with information from user 1.

Reload the page, the 2 sections are now back to be hidden and showing the “show” buttons

1 Like

Fixed via:

Thanks for bringing this in our notice @dscat :+1: