Much appreciated, Simon. I will take a look.
Stepping back though, does this not seem like something of a problem? I guess we can debate the importance of this, but having a platform where users can just continue to access a forum endlessly, even when they no longer have a valid account, is not something I have seen elsewhere.
I can perhaps buy the notion that it’s WordPress, rather than Discourse, which is the authoritative source here. So that probably points the finger at the SSO plugin as the best place to locate some logic.
Curious to know the overall thinking here. I’d like to think the scenario is a valid one (force logout after a certain period of time or based on a WordPress account becoming “invalid”), no?
Just brainstorming here since I would like to avoid manual steps - but also want to avoid writing code, if I can 