Review Passwordless login when an SSO session already exists
Description
Ensure the current behavior is expected.
Use case 1
User A has an SSO session
User B performs a passwordless login via email
?
Use case 2
User B has an SSO session
User B performs a passwordless login via email
?
Could we ensure that the passwordless login request belongs to the same user as the current SSO session? Or, if we generate an auth code, does it need to belong to the same owner of the current SSO session?
If the existing behaviour (in use case 1) is deemed to be expected, an option (either at tenant level or at request level for passwordless logins) to sign out any existing SSO session as part of a (successful) passwordless login would be ideal.
We'd like to ensure that if a passwordless login is performed on a shared device (by scanning a QR code in our case - so the passwordless login may be this user's first interaction with FusionAuth or our app), any SSO session from a previous user (who forgot to log out) is terminated / replaced by the new user's session.
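The policy requested in this thread, sketched as an added example (not FusionAuth code, and not a statement of how FusionAuth currently behaves): when a passwordless code is redeemed, the code's owner is compared with the owner of the browser's SSO session, and a session belonging to a different user is revoked before the new one is issued. `SessionStore` and all of its methods are hypothetical names for an in-memory model.

```python
import secrets
import time


class SessionStore:
    """Hypothetical in-memory stand-in for an IdP's SSO session and one-time code tables."""

    def __init__(self):
        self.sessions = {}  # session id -> user id
        self.codes = {}     # one-time code -> (user id, expiry timestamp)

    def start_session(self, user_id):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = user_id
        return sid

    def issue_code(self, user_id, ttl=180):
        code = secrets.token_urlsafe(32)
        self.codes[code] = (user_id, time.time() + ttl)
        return code

    def complete_passwordless(self, code, sso_cookie=None):
        """Redeem a one-time code; return (session id, outcome)."""
        # pop() makes the code single use, even when the login is rejected.
        user_id, expires = self.codes.pop(code, (None, 0.0))
        if user_id is None or time.time() > expires:
            # Failed login: the browser keeps whatever valid session it had.
            return (sso_cookie if sso_cookie in self.sessions else None), "rejected"
        current = self.sessions.get(sso_cookie)
        if current == user_id:
            # Use case 2: the session already belongs to the code's owner.
            return sso_cookie, "reused"
        if current is not None:
            # Use case 1: another user's session is present (shared device).
            # Revoke it server-side so the old cookie cannot be replayed.
            del self.sessions[sso_cookie]
            return self.start_session(user_id), "replaced"
        return self.start_session(user_id), "created"


def demo():
    store = SessionStore()
    cookie_a = store.start_session("user-a")  # constructed: User A forgot to log out
    code_b = store.issue_code("user-b")       # constructed: User B scans the QR code
    sid, outcome = store.complete_passwordless(code_b, cookie_a)
    return outcome, cookie_a in store.sessions, store.sessions[sid]
```

The mismatch branch only runs after the code has been validated, so an invalid or replayed code cannot be used to sign another user out.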
Community guidelines
All issues filed in this repository must abide by the FusionAuth community guidelines.