-
Notifications
You must be signed in to change notification settings - Fork 6.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to login using social login keys #4166
Comments
@justinlusg thanks for reporting this |
@justinlusg are you using the latest version? I am unable to reproduce this error in my local. Could also be due to some missing info from your profile or you might have denied permissions. |
@anandpdoshi yes, it is the latest version.. you can try it over here.. http://erpdemo.agtech.com.sg I've setup a demo site and tested it and it has the same problem. The "One Last Step" will always appear no matter how many times I've login using Facebook, and during the "One Last Step", I am able to fill up any email address and gain access to that user (security flaw). |
Same thing for me. |
@fderyckel I've not tried personally with Google, will try it. @anandpdoshi might be a possible security flaw, which is critical to be resolve soon. |
After the latest update, it third party authentication disappeared under the user account. The Facebook authentication still does not work as well. The security flaw however is still there, I can use Facebook to authenticate and get into anybody's account without their permission/password. |
@justinlusg fixed. Facebook had changed its api |
I've successfully saved the social login keys for Facebook. However, everytime when I try to login this page will always appear after facebook Authentication. Everytime I login with the same facebook account, system will always prompt me for my email, and first name and last name.
Possible security flaw:
I can fill in any email addresses in the system after i login with my Facebook account by entering the email address of the user in the email field.
The text was updated successfully, but these errors were encountered: