authClient.organization.setActive() returns all the members of the organization
Hi, when I call authClient.organization.setActive(), I'm getting a response with a fully-populated members property that lists every member of that organization, including their email addresses. Is that intended? Seems like if I am just trying to sign the user into a tenant, there's no reason necessarily to respond with a list of hundreds or thousands of users?
2 Replies
yeah, but it should only respond with a maximum of 100 members (depends on configuration).
It's the equalivilant to calling the Get Full Organization method
Seems to me it makes sense just to respond with a more basic success or failure response - and if the client wants the full org details, it can call getFullOrganization after that? Or make it a flag in setActive whether to respond with the full organization details?
Also I wonder whether listing other members should be permitted by default.