From 7be18528271dd05355079fba5cad156353bb9deb Mon Sep 17 00:00:00 2001 From: Kenn Jacobsen Date: Thu, 28 Sep 2023 13:25:11 +0200 Subject: [PATCH] Make sure to sign out external users if an error occurs during sign-in (#14867) --- .../Controllers/BackOfficeController.cs | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/Umbraco.Web.BackOffice/Controllers/BackOfficeController.cs b/src/Umbraco.Web.BackOffice/Controllers/BackOfficeController.cs index 43e99622c1..911028912a 100644 --- a/src/Umbraco.Web.BackOffice/Controllers/BackOfficeController.cs +++ b/src/Umbraco.Web.BackOffice/Controllers/BackOfficeController.cs @@ -585,6 +585,11 @@ public class BackOfficeController : UmbracoController if (errors.Count > 0) { + // the external user might actually be signed in at this point, but certain errors (i.e. missing claims) + // prevents us from applying said user to a back-office session. make sure the sign-in manager does not + // report the user as being signed in for subsequent requests. + await _signInManager.SignOutAsync(); + ViewData.SetExternalSignInProviderErrors( new BackOfficeExternalLoginProviderErrors( loginInfo.LoginProvider,