FusionAuth / fusionauth-issues

FusionAuth issue submission project
https://fusionauth.io

FusionAuth SSO behavior interacts with Identity Provider Application enable/disable behavior in unexpected ways #2530

Open mooreds opened 11 months ago

mooreds commented 11 months ago

Description

For application A, you can log in with Google or other IdPs. For application B and the FusionAuth admin screen, you cannot. I'm lazy, so when I get prompted to log in by application B or the admin UI, rather than opening up my password manager, I'll just bounce over to application A and log in with Google.

Then I can go back to application B or the admin UI and I'm automatically logged in (by FusionAuth SSO), even though those applications don't have the Google identity provider enabled.

This seems a bit weird from a user perspective, even though I understand that FusionAuth SSO is orthogonal to how the user initially authenticates.

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

mooreds commented 4 weeks ago

This can now be prevented by the login validation lambda, I believe: https://fusionauth.io/docs/extend/code/lambdas/login-validation
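
A sketch of the kind of check the last comment points to, as an added example that is not FusionAuth's or the commenter's code: a login validation lambda that rejects a login when the identity provider used is not on a per-application allowlist. The `validate(result, user, registration, context)` shape, the `context.identityProvider.id` and `registration.applicationId` fields, the error object format and all IDs are assumptions to be checked against the linked documentation, as is whether the lambda runs when an existing SSO session is reused.

```javascript
// Constructed policy (placeholder IDs): which identity providers each
// application accepts. An empty list means no federated login at all.
const ALLOWED_IDPS_BY_APP = {
  'app-a-placeholder-id': ['google-idp-placeholder-id'],
  'app-b-placeholder-id': [],
};

// Pure decision function so the policy can be tested outside FusionAuth.
// Returns null when the login is acceptable, otherwise an error object.
function checkIdpAllowed(applicationId, identityProviderId, policy) {
  // No identity provider involved: a local (password) login, nothing to check.
  if (!identityProviderId) {
    return null;
  }
  // Fail closed: an application missing from the policy accepts no IdP.
  const known = Object.prototype.hasOwnProperty.call(policy, applicationId);
  const allowed = known ? policy[applicationId] : [];
  if (allowed.includes(identityProviderId)) {
    return null;
  }
  return {
    code: '[IdpNotAllowed]',
    message: 'This application does not accept the identity provider used to log in.',
  };
}

// Lambda entry point. Field names read from `context` and `registration`
// are assumptions (see the lead-in); adjust them to the documented shape.
function validate(result, user, registration, context) {
  const idpId = context && context.identityProvider
    ? context.identityProvider.id
    : null;
  const appId = registration ? registration.applicationId : null;
  const error = checkIdpAllowed(appId, idpId, ALLOWED_IDPS_BY_APP);
  if (error) {
    result.errors.generalErrors.push(error);
  }
}
```
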