Support account self service pages without using SSO session

Open mooreds opened this issue 3 years ago • 4 comments

Problem

I want to use the self service account management pages (or let my users do so) without requiring them to check the "remember me" checkbox. Requiring that is unintuitive.

Solution

As mentioned here, use a separate session. Perhaps the account self service pages are a special application like the FusionAuth admin UI is?

Alternatives/workarounds

  • don't use account self service
  • require "remember me" to be checked (as a hidden value) and accept security issues around that (what if I'm logging in on a library computer and forget to log out)

Additional context

Came up here: https://github.com/FusionAuth/fusionauth-issues/issues/1843 and on a customer call.

Related

  • https://github.com/FusionAuth/fusionauth-issues/issues/1546

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

How to vote

Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.

Sep 01 '22 16:09 mooreds

Is this the same as https://github.com/FusionAuth/fusionauth-issues/issues/1546?

Sep 06 '22 15:09 robotdan

@robotdan according to https://github.com/FusionAuth/fusionauth-issues/issues/1546#issuecomment-1020424306 this behavior is "working as designed"

I thought it'd be useful to do as suggested in that comment:

If you want to de-couple this feature from SSO, you could open a request to use a separate session, or to take a JWT issued from your application as authorization. Or we could convert this issue into a feature request.

Since we didn't convert the feature into a feature request.

Sep 06 '22 19:09 mooreds

Ah, ok. Thanks, I'll close out #1546 and we can track the feature request here.

Sep 06 '22 19:09 robotdan

This seems to imply that either the "remember me" functionality can be used OR the "self service account management" pages can be used, but a system that implements both will present a poor experience to the end user. Skipping implementing some of the account management pages (especially the MFA) was something of a driver to move to the premium version for us, and this seems like a fairly large hole in that (premium) functionality!

Oct 05 '22 17:10 adambowen

Internal:

  • POC PR: https://github.com/FusionAuth/fusionauth-app/pull/213

Feb 14 '23 05:02 robotdan

Internal:

  • https://github.com/FusionAuth/fusionauth-app/pull/231

Mar 30 '23 00:03 lyleschemmerling