SSO integration no longer honoring admin permissions

Hello,

I exclusively use the SSO integration on my Discourse platform. I noticed today that, when I sign in to my Admin account using SSO, I no longer see the Admin-related menus, and the /admin endpoint does not work.

However, on another device I have, which has remained logged in for about a week, I do see the Admin menu. This only seems to happen on fresh sign-ins, which makes me think that:

  1. admin permissions are stored in the session itself (which would make sense)
  2. the SSO integration is no longer properly adding in the admin permission when creating sessions

This means that, once my other device inevitably gets logged out, I’ll be stuck from accessing my admin menus.

I’ve confirmed with another admin on my forum, and the same happens to him if he signs in on an incognito tab.

I also used the “Impersonate” button on a test account earlier today, which is when I noticed this issue. I’m not sure if that would be related or not, but worth mentioning?

This now happens on all devices (Mac, PC, iPhone), as well as both admin accounts on my site, regardless of whether we clear cookies or not. We are both still listed on our /about endpoint as Admins, so we were not accidentally removed.

Hopefully this is easy to reproduce & resolve. If I can provide any more information, I’d be happy to do so.

Hey @JesseB :wave: Welcome to Meta!

Do you have Cloudflare?
There is another recent topic where this prevented the admin from accessing the admin area.

4 Likes

Major props for putting 2:2 together. I wouldn’t have assumed it was Cloudflare, especially given the fact that I just updated Discourse today — but that’s exactly it.

Thank you, issue resolved.

1 Like