SSO payload can be seen be moderators again?

was Moderators should not see emails in SSO section - #13 by techAPJ reverted? It seems moderators are able to see the payload (which contains the email) again.

Not sure, @techAPJ can you have a peek when you are back?

1 Like

I am not able to repro this on latest Discourse version.

Note that moderators will see the SSO payload but that payload will not contain external_email.

3 Likes

Is it possible to restrict visibility of the entire SSO section for mods?

Just updated to beta 3 and ran a test. Account only had moderator, last payload included the email even with the “moderators can see emails” option disabled.

email=
external_id=
name= 
nonce= 
username= 

I noticed you mentioned external_email but on our payload its “email”, not “external_email”, maybe that’s why? Is that something we need to fix on our end?

To add on, I believe I used this post when creating our SSO process: Discourse SSO and API Helper for PHP. Uses “email” as one of the parameters, not “external_email”

@techAPJ

Thoughts on the above? ^^

Are you talking about the /admin/users/{id}/{username} page or somewhere else?

1 Like

No, when the SSO record is created the external_email is saved as per:

In reference to:

email=
external_id=
name= 
nonce= 
username=

Where are you seeing this payload in Discourse? As you can see above the email is saved as external_email, name is saved as external_name, etc.

1 Like

Aha, I see that the payload is visible to moderators. I’ve hidden the SSO payload for moderators via:

https://github.com/discourse/discourse/commit/901d6080df6a62c8fbb4da697a9150fdd93211da

We’re also discussing if the payload should be behind a button click for Admins (like we do for emails).

Thanks for the excellent report @anon60302432, and for persistent follow-up. :trophy:

3 Likes