appsmithorg / appsmith

Platform to build admin panels, internal tools, and dashboards. Integrates with 25+ databases and any API.
https://www.appsmith.com
Apache License 2.0
34.35k stars 3.72k forks source link

[Bug]: SSO login still works after password reset #31276

Open rohan-arthur opened 8 months ago

rohan-arthur commented 8 months ago

Is there an existing issue for this?

Description

I have logged in to https://app.appsmith.com/applications with google SSO. Now when I reset my google password and attempt to login to appsmith, I see an authorization error but apart from that am able to successfully login and proceed with any action.

Uploading Screen Recording 2024-02-22 at 2.54.21 PM.mov…

Steps To Reproduce

  1. Login to appsmith with sso
  2. reset password
  3. refresh appsmith tab

Expected: I should be asked to login again Actual: there is a toast message about authorization error, but otherwise login works fine

Public Sample App

No response

Environment

Production

Issue video log

No response

Version

Cloud

Nikhil-Nandagopal commented 8 months ago

So the problem here is that appsmith does not log a user out immediately because it does not check for token validity and handle that.