freescout-help-desk / freescout

FreeScout — Free self-hosted help desk & shared mailbox (Zendesk / Help Scout alternative)
https://freescout.net
GNU Affero General Public License v3.0

Module: OAuth & Social Login - User Verification Not Present #3963

Closed Sgroove closed 4 months ago

Sgroove commented 4 months ago

When using the OAuth & Social Login, I noticed that I can log in with any Google account and the module doesn't verify whether a user with that email address exists (which means it was previously created by an admin). This might be a security/privacy issue, as other users in the organization can easily log in to the app.

Also, I suggest adding the domain field (hd) to the settings form to allow only people from the same organization to login (see https://developers.google.com/identity/openid-connect/openid-connect#hd-param)

PHP version: 8.3
FreeScout version: 1.8.34
Database: MySQL
Are you using CloudFlare: No

freescout-helpdesk commented 4 months ago

1) (screenshot 2024-04-13_07-43-34, not reproduced here)

2)

> Also, I suggest adding the domain field (hd) to the settings form to allow only people from the same organization to login (see https://developers.google.com/identity/openid-connect/openid-connect#hd-param)

Feel free to submit a feature request: https://freescout.net/request-feature/

Sgroove commented 4 months ago

Solution 1 (Auto-Create Users) is actually the opposite. As mentioned in the feature request in point #2, the goal is to prevent users (customer support team) that were not added by the administrator from being able to log in to the platform using any form of OAuth.

freescout-helpdesk commented 4 months ago

> I can log in with any Google account and the module doesn't verify whether a user with that email address exists

To fix this "issue" you need to disable "Auto-Create Users" option.
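The two checks this thread asks for, written out as an added example that is not FreeScout's or the module's own code: a callback that refuses a Google identity unless an admin-created user with that (verified) email already exists, and optionally requires the hosted-domain (`hd`) claim to match the organization's domain. The user table `ADMIN_CREATED_USERS` is constructed, `decide_social_login` is a hypothetical helper, and the ID token is assumed to have been signature-verified before its claims reach this function.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for the help desk's user table (email -> user id):
# the agents an administrator has already created.
ADMIN_CREATED_USERS = {
    "alice@example.com": 1,
    "bob@example.com": 2,
}


@dataclass
class LoginDecision:
    allowed: bool
    user_id: Optional[int]
    reason: str


def decide_social_login(claims: dict, allowed_hd: Optional[str] = None,
                        users: dict = ADMIN_CREATED_USERS) -> LoginDecision:
    """Decide whether decoded ID-token claims may log in, and as which user.

    claims:     claims from a Google ID token whose signature was already checked
    allowed_hd: if set, the Google Workspace domain ('hd' claim) accounts must
                belong to; None disables the domain restriction
    """
    # Google sets email_verified only for addresses it has verified; an
    # unverified email must not be used to match an existing account.
    if not claims.get("email_verified"):
        return LoginDecision(False, None, "email not verified by provider")

    # Optional organization restriction via the hosted-domain claim. Consumer
    # accounts (e.g. @gmail.com) carry no 'hd' claim at all, so they fail here.
    if allowed_hd is not None:
        if claims.get("hd", "").lower() != allowed_hd.lower():
            return LoginDecision(False, None, "account not in allowed domain")

    # Match against admin-created users only; never auto-create. A valid but
    # unknown Google account is rejected instead of becoming a new agent.
    email = claims.get("email", "").strip().lower()
    user_id = users.get(email)
    if user_id is None:
        return LoginDecision(False, None, "no pre-existing user for this email")
    return LoginDecision(True, user_id, "ok")
```

Note that `hd` only restricts which Google accounts are eligible; the existence check is still what prevents an uninvited colleague from getting an agent account.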