Was Moderators should not see emails in SSO section - #13 by techAPJ reverted? It seems moderators are able to see the payload (which contains the email) again.
Not sure, @techAPJ can you have a peek when you are back?
I am not able to repro this on latest Discourse version.
Note that moderators will see the SSO payload but that payload will not contain external_email.
Is it possible to restrict visibility of the entire SSO section for mods?
Just updated to beta 3 and ran a test. Account only had moderator, last payload included the email even with the “moderators can see emails” option disabled.
email=
external_id=
name=
nonce=
username=
I noticed you mentioned external_email but on our payload it’s “email”, not “external_email”, maybe that’s why? Is that something we need to fix on our end?
To add on, I believe I used this post when creating our SSO process: Discourse SSO and API Helper for PHP. Uses “email” as one of the parameters, not “external_email”
Thoughts on the above? ^^
Are you talking about the /admin/users/{id}/{username} page or somewhere else?
No, when the SSO record is created the external_email is saved as per:
In reference to:
email=
external_id=
name=
nonce=
username=
Where are you seeing this payload in Discourse? As you can see above the email is saved as external_email, name is saved as external_name, etc.
Aha, I see that the payload is visible to moderators. I’ve hidden the SSO payload for moderators via:
https://github.com/discourse/discourse/commit/901d6080df6a62c8fbb4da697a9150fdd93211da
We’re also discussing if the payload should be behind a button click for Admins (like we do for emails).
Thanks for the excellent report @anon60302432, and for persistent follow-up.
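To make the two points in this thread concrete (the incoming `email` field is stored as `external_email`, and a moderator-facing view must not expose it the way the last payload did), here is an added Ruby example. It is not Discourse's own code and not the PHP helper linked above: the secret, the user fields, the `STORED_FIELD_NAMES` mapping beyond the email/name pair named in the thread, and the `sso_record_view` / `decode_sso_payload` helpers are all assumptions made for the demonstration. The signature check follows the DiscourseConnect scheme (base64-encoded query string, HMAC-SHA256 hex signature over that base64 string).

```ruby
require "base64"
require "openssl"
require "uri"

# Constructed secret for the demo only; a real site keeps this in its SSO settings.
DEMO_SSO_SECRET = "demo-secret-not-for-production".freeze

# Incoming query-string field -> column name used when the record is stored.
# email -> external_email and name -> external_name are stated in the thread;
# the remaining entries are assumptions for the example.
STORED_FIELD_NAMES = {
  "email"       => "external_email",
  "name"        => "external_name",
  "username"    => "external_username",
  "external_id" => "external_id",
  "nonce"       => "nonce",
}.freeze

# Stored fields that only admins may see; moderators get everything else.
ADMIN_ONLY_FIELDS = %w[external_email].freeze

# HMAC-SHA256 hex digest over the base64 payload, as DiscourseConnect does.
def sign_sso(encoded_payload, secret)
  OpenSSL::HMAC.hexdigest("sha256", secret, encoded_payload)
end

# Constant-time string comparison (written out to avoid depending on a
# particular openssl gem version).
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Build the sso/sig pair the way an SSO provider would send it.
def build_sso_payload(fields, secret)
  encoded = Base64.strict_encode64(URI.encode_www_form(fields))
  { "sso" => encoded, "sig" => sign_sso(encoded, secret) }
end

# Verify the signature first, then decode. Returns nil on a bad signature
# or a payload that is not valid base64, so nothing untrusted is parsed.
def decode_sso_payload(sso, sig, secret)
  return nil unless secure_equal?(sig.to_s, sign_sso(sso, secret))
  URI.decode_www_form(Base64.strict_decode64(sso)).to_h
rescue ArgumentError
  nil
end

# Map decoded fields to their stored names and drop admin-only fields
# unless the viewer is an admin. This is the check the reporter ran by hand:
# a moderator's view of the record must not contain the email.
def sso_record_view(fields, viewer_admin:)
  fields.each_with_object({}) do |(key, value), out|
    stored = STORED_FIELD_NAMES.fetch(key, key)
    next if !viewer_admin && ADMIN_ONLY_FIELDS.include?(stored)
    out[stored] = value
  end
end

# True if any value in the view contains the email, i.e. the view leaks it.
def view_leaks_email?(view, email)
  view.values.any? { |v| v.to_s.include?(email) }
end

if __FILE__ == $0
  # Constructed sample user; these values are not from the thread.
  sample = { "email" => "alice@example.test", "external_id" => "42",
             "name" => "Alice", "nonce" => "abc123", "username" => "alice" }
  pair = build_sso_payload(sample, DEMO_SSO_SECRET)
  decoded = decode_sso_payload(pair["sso"], pair["sig"], DEMO_SSO_SECRET)
  puts "admin view:     #{sso_record_view(decoded, viewer_admin: true)}"
  puts "moderator view: #{sso_record_view(decoded, viewer_admin: false)}"
end
```

The order matters: the signature is checked before the base64 is decoded, and the role-based filtering is applied to the stored field names, so a renamed field (`email` arriving, `external_email` stored) cannot slip past a filter that only knows one of the two names.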