Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OOR authentication after ECR authentication #82

Closed
2byrds opened this issue Jul 22, 2024 · 1 comment
Closed

OOR authentication after ECR authentication #82

2byrds opened this issue Jul 22, 2024 · 1 comment
Assignees
@TaniyaBhadauria

Comments

@2byrds
Copy link
Collaborator

2byrds commented Jul 22, 2024

Thank you to @HunnySajid for bringing this up. Should all logins replace previous logins? Perhaps we should have a test case where the user presents a valid ECR credential. But then later completes a login with an OOR credential. In that case the identifier is the same for both and right now the verification service will retain the valid ECR login and the user will be allowed to proceed through the UI flow (status/report-upload). But instead the API/verification service should probably reset the user authorization and then deny the status/report access.
@HunnySajid
Copy link
Collaborator

This is a demo video:
1- ECR credential is selected
2- Status Pages visit is allowed
3- Clear Credential
4- Select OOR credential
5- Can not access status page

https://www.loom.com/share/f0cae83bb4d4418e9da16a75112f1aab?sid=3ebd7085-0ecb-4799-8eae-87ec0463c87b

@2byrds 2byrds closed this as completed Oct 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@TaniyaBhadauria TaniyaBhadauria

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@2byrds @HunnySajid @TaniyaBhadauria