DiscourseConnect authentification unique par courriel et dernière charge utile mise en cache entre les utilisateurs

dscat · Octobre 14, 2021, 5:50

DiscourseConnect Single Sign On information cached across users

Tested on version 2.7.8 on Chrome.

In order to reproduce you need to have at least 2 users signed up/logged in via sso.

Go to admin
click on “users”
click on <user 1>
scroll down to the “DiscourseConnect Single Sign On” section
click on “show” to view the email passed during the sso process
click on “show” for the “last payload” information.
Now scroll up
click on “users”
click on <user 2>
scroll down to the “DiscourseConnect Single Sign On” section
Observe that both email and last payload sections are already expanded with information from user 1.

Reload the page, the 2 sections are now back to be hidden and showing the “show” buttons

techAPJ · Octobre 20, 2021, 12:07

Fixed via:

Thanks for bringing this in our notice @dscat

Sujet		Réponses	Vues
GET DiscourseConnect Single Sign On record via APIs SSO rest-api	3	502	Février 21, 2024
Use Discourse as an identity provider (SSO, DiscourseConnect) Integrations sso , discourseconnect , how-to	143	48737	Novembre 9, 2024
Setup DiscourseConnect - Official Single-Sign-On for Discourse (sso) Integrations sso , discourseconnect , configuring , how-to	36	447665	Août 11, 2025
Issues using SSO in custom web app Dev	10	1442	Janvier 9, 2018
Change email for SSO user? SSO	35	9496	Septembre 9, 2024