DiscourseConnect Single Sign On אימייל ומטען אחרון שמורים במטמון בין משתמשים

dscat · 14 באוקטובר,‏ 2021,‏ 5:50pm

DiscourseConnect Single Sign On information cached across users

Tested on version 2.7.8 on Chrome.

In order to reproduce you need to have at least 2 users signed up/logged in via sso.

Go to admin
click on “users”
click on <user 1>
scroll down to the “DiscourseConnect Single Sign On” section
click on “show” to view the email passed during the sso process
click on “show” for the “last payload” information.
Now scroll up
click on “users”
click on <user 2>
scroll down to the “DiscourseConnect Single Sign On” section
Observe that both email and last payload sections are already expanded with information from user 1.

Reload the page, the 2 sections are now back to be hidden and showing the “show” buttons

techAPJ · 20 באוקטובר,‏ 2021,‏ 12:07pm

Fixed via:

Thanks for bringing this in our notice @dscat

נושא		תגובות	צפיות
GET DiscourseConnect Single Sign On record via APIs SSO rest-api	3	502	21 בפברואר,‏ 2024
Use Discourse as an identity provider (SSO, DiscourseConnect) Integrations sso , discourseconnect , how-to	143	48737	9 בנובמבר,‏ 2024
Setup DiscourseConnect - Official Single-Sign-On for Discourse (sso) Integrations sso , discourseconnect , configuring , how-to	36	447668	11 באוגוסט,‏ 2025
Issues using SSO in custom web app Dev	10	1442	9 בינואר,‏ 2018
Change email for SSO user? SSO	35	9496	9 בספטמבר,‏ 2024