OAuth session persists when Element X logs out due to PIN code protection #5395

@alexander-potemkin

Describe the bug

Element X has a PIN code protection: if you enter your code incorrectly 3 times, it logs you out of the server, which is a nice security feature to reset your connection if you are forced to open your account.
But MAS session stays, which basically makes this feature almost useless.

To Reproduce
Steps to reproduce the behavior:

  1. Enable PIN code protection on your Element X.
  2. Enter PIN code incorrectly 3 times.
  3. Element X logs you out.

Now if you:

  4. Re-enter the correct server
  5. You will be able to log in again, without passing through the authorization - as the session on MAS won't be dropped.

Expected behavior
1-4: steps to be the same, but:
5. Will ask you to authenticate again.

To make that happen, once the app reset is happening, the MAS session shall be dropped as well.

Screenshots
N/A

Desktop (please complete the following information):
N/A

Smartphone (please complete the following information):
Any iOS and Android.

Additional context

Such behavior creates a false sense of security, so it feels quite important.
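
The behaviour reported above, as a toy model added here (not Element X or MAS code): it assumes the authorization server keeps a browser session separate from the tokens it issues to the app, and every class, method and credential below is hypothetical or constructed.

```python
import secrets

class ToyAuthServer:
    """Toy authorization server (assumption: browser session != client token)."""

    def __init__(self, users):
        self.users = users            # username -> password (constructed sample)
        self.browser_sessions = {}    # cookie -> username
        self.tokens = {}              # access token -> cookie that authorized it

    def authorize(self, cookie=None, credentials=None):
        """Return (cookie, token, prompted); prompted=True if credentials were needed."""
        prompted = cookie not in self.browser_sessions
        if prompted:
            if credentials is None:
                raise PermissionError("authentication required")
            user, password = credentials
            if self.users.get(user) != password:
                raise PermissionError("bad credentials")
            cookie = secrets.token_hex(8)
            self.browser_sessions[cookie] = user
        token = secrets.token_hex(8)
        self.tokens[token] = cookie
        return cookie, token, prompted

    def revoke_token(self, token):
        """App-side logout only: the token dies, the browser session survives."""
        self.tokens.pop(token, None)

    def end_session(self, token):
        """Full logout: drop the browser session and every token it authorized."""
        cookie = self.tokens.pop(token, None)
        self.browser_sessions.pop(cookie, None)
        for other in [t for t, c in self.tokens.items() if c == cookie]:
            del self.tokens[other]

def relogin_needs_auth(logout):
    """Log in, log out via the named method, then retry with only the old cookie."""
    server = ToyAuthServer({"alice": "correct horse"})
    cookie, token, _ = server.authorize(credentials=("alice", "correct horse"))
    getattr(server, logout)(token)
    try:
        server.authorize(cookie=cookie)
        return False    # signed in again silently: the behaviour reported
    except PermissionError:
        return True     # credentials demanded: the behaviour expected

if __name__ == "__main__":
    print("token revoked only ->", relogin_needs_auth("revoke_token"))
    print("session ended too  ->", relogin_needs_auth("end_session"))
```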
