Review Passwordless login when an SSO session already exists #1912

Closed
robotdan opened this issue Oct 7, 2022 · 2 comments

robotdan (Member) commented Oct 7, 2022

Review Passwordless login when an SSO session already exists

Description

Ensure the current behavior is expected.

Use case 1

  • User A has an SSO session
  • User B performs a passwordless login via email
  • ?

Use case 2

  • User B has an SSO session
  • User B performs a passwordless login via email
  • ?

Could we ensure that the passwordless login request belongs to the same user as the current SSO session? Or, if we generate an auth code, does it need to belong to the same owner as the current SSO session?

robotdan self-assigned this Oct 7, 2022
robotdan added this to Backlog in FusionAuth Issues via automation Oct 7, 2022
robotdan added this to the 1.42.0 milestone Oct 7, 2022

pauln commented Oct 10, 2022

If the existing behaviour (in use case 1) is deemed to be expected, an option (either at tenant level or at request level for passwordless logins) to sign out any existing SSO session as part of a (successful) passwordless login would be ideal.

We'd like to ensure that if a passwordless login is performed on a shared device (by scanning a QR code in our case - so the passwordless login may be this user's first interaction with FusionAuth or our app), any SSO session from a previous user (who forgot to log out) is terminated / replaced by the new user's session.
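
The two use cases in this issue, sketched as an added example (not FusionAuth code and not written by either commenter): a hypothetical in-memory `SsoStore` and `complete_passwordless_login` function compare the owner of the passwordless code with the owner of the SSO session the browser presents. The `replace` and `reject` policy names are assumptions; the issue does not state which behavior FusionAuth implements.

```python
import secrets
from dataclasses import dataclass, field


class SessionOwnerMismatch(Exception):
    """The passwordless code owner is not the owner of the presented SSO session."""


@dataclass
class SsoStore:
    # session id -> user id; stands in for a server-side SSO session table
    sessions: dict = field(default_factory=dict)

    def create(self, user_id: str) -> str:
        sid = secrets.token_urlsafe(32)  # always a fresh, unguessable id
        self.sessions[sid] = user_id
        return sid

    def revoke(self, sid: str) -> None:
        self.sessions.pop(sid, None)


def complete_passwordless_login(store, presented_sid, code_owner, on_mismatch="replace"):
    """Finish a passwordless login for code_owner on a browser that may
    already present an SSO session cookie (presented_sid, or None).

    Returns (session_id, action); action is "created", "reused" or "replaced".
    """
    current_owner = store.sessions.get(presented_sid) if presented_sid else None

    if current_owner is None:
        # No cookie, or a stale/unknown one: plain new login.
        return store.create(code_owner), "created"

    if current_owner == code_owner:
        # Use case 2: same user already has the SSO session.
        return presented_sid, "reused"

    # Use case 1: the session belongs to someone else (shared device).
    # The existing session is never handed to the new user.
    if on_mismatch == "reject":
        raise SessionOwnerMismatch("SSO session belongs to a different user")
    store.revoke(presented_sid)  # sign out the previous user
    return store.create(code_owner), "replaced"
```
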

robotdan modified the milestones: 1.42.0, 1.43.0 Nov 17, 2022
spwitt assigned spwitt and unassigned robotdan Dec 21, 2022
spwitt moved this from Backlog to Designing in FusionAuth Issues Dec 23, 2022

spwitt commented Dec 29, 2022

robotdan moved this from Designing to Code complete in FusionAuth Issues Dec 30, 2022
robotdan moved this from Code complete to Done in FusionAuth Issues Feb 16, 2023