Hiding non session SSO providers from the app #21874
🦋 Changeset detected
Latest commit: 7cc5ffd
The changes in this PR will be included in the next version bump. This PR includes changesets to release 2 packages.
Would it be problematic from a security point of view to expose the sessionOnly flag for the endpoint, and set it to true when fetching in Data Studio? Or maybe even expose the mode for each provider and filter by that on Data Studio side? That way it wouldn't be a breaking change for the /auth endpoint, resp. still possible to see all providers.
Good shout, I don't see a security issue with that.
Works as expected 🚀
Fixes #21836
Scope
What's changed:
/auth list endpoint now filters out SSO providers not compatible with the App while keeping the /auth/login/[provider] flow working
Potential Risks / Drawbacks
/auth endpoint
Review Notes / Questions
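A sketch of the opt-in variant raised in review, added here as an illustration and not taken from this PR or the project's code: the list handler filters by provider mode only when `sessionOnly` is requested, while the login lookup ignores the listing filter. The provider registry, the function names and the non-session mode values are hypothetical.

```javascript
// Constructed provider registry. Names and the non-"session" mode values
// are assumptions for illustration, not the project's configuration.
const PROVIDERS = [
  { name: 'okta', driver: 'openid', mode: 'session' },
  { name: 'github', driver: 'oauth2', mode: 'cookie' },
  { name: 'legacy', driver: 'saml', mode: 'json' },
];

// Only the literal string "true" turns filtering on, so values such as
// "1", "TRUE" or an array from a repeated query parameter leave the
// default (unfiltered) behaviour in place.
function parseSessionOnly(query) {
  return query != null && query.sessionOnly === 'true';
}

// GET /auth (hypothetical handler): without the flag every provider is
// listed, which keeps the endpoint backwards compatible for API consumers.
function listProviders(query) {
  const sessionOnly = parseSessionOnly(query);
  return PROVIDERS
    .filter((p) => !sessionOnly || p.mode === 'session')
    // Return only the fields a client needs to render a login button.
    .map(({ name, driver }) => ({ name, driver }));
}

// GET /auth/login/:provider (hypothetical handler): resolution does not
// consult the listing filter, so a provider hidden from the app's list
// still resolves here. Hiding is presentation, not access control.
function resolveLoginProvider(name) {
  const provider = PROVIDERS.find((p) => p.name === name);
  if (!provider) return { status: 404 };
  return { status: 200, provider: provider.name, mode: provider.mode };
}
```

If a non-session provider must be unusable rather than merely unlisted, that restriction has to be enforced in the login route itself.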