Can't disable SSO for passwordless flow
Description
Unchecking the "Keep me signed in" option has no effect in the passwordless flow - an SSO session is still created, cookies are saved to the browser, and FusionAuth remembers the user.
Affects versions
Tested on 1.45.1. Will upgrade and test again, but I'm not seeing any mention of this issue in release notes.
Steps to reproduce
- Enable passwordless login for an app
- Click "Send me a magic link", uncheck "Keep me signed in", and enter your email.
- Click the link in the email to sign in.
- Observe that an SSO session has been created in FusionAuth.
Expected behavior
I expect "Keep me signed in" to behave the same for the passwordless flow as it does for the password flow: no SSO session should be created and FusionAuth should not remember the user.
Platform
- Device: Desktop
- OS: macOS
- Browser + version: Chromium: 116.0.5845.179
- Database: PostgreSQL 15.2
Related
- https://github.com/FusionAuth/fusionauth-issues/issues/2472
- https://github.com/FusionAuth/fusionauth-issues/issues/2893
@jobannon can you please attempt to recreate to confirm this is a bug?
@robotdan I can reproduce and see the issue in the code. Working on a test and fix.
Wonder if this is related to https://github.com/FusionAuth/fusionauth-issues/issues/2472
Tracking this issue via https://github.com/FusionAuth/fusionauth-issues/issues/2472. It may not be the exact same issue, but the solution will likely be the same.
I believe this has been resolved via https://github.com/FusionAuth/fusionauth-issues/issues/2893 in version 1.53.3.
Please re-open if it is still an issue.