Summary
Using GitLab as the OAuth2 service provider to log in to Mattermost, a user deleted in GitLab stays logged in to Mattermost as long as the auth cookie in the browser is valid.
Steps to reproduce
- Set up OAuth authorization from GitLab to Mattermost
- Log in to Mattermost
- Delete the logged-in user from GitLab
- The deleted user stays logged in as long as the cookie is valid, or until he logs out himself
Mattermost: v3.6.2
The question is: how to handle this? Is there some check from Mattermost to the service provider API to see if the user still exists? What to do when someone deletes a user's credentials on the provider system during his session in Mattermost?
Thx.
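One way to close the gap described in this report, as an added example that is not part of the original post and not Mattermost's own code: the relying party re-asks the OAuth2 provider about the session's token once per recheck interval and revokes the local session when the account is gone. `Session`, `Lookup`, `ErrUserGone` and the interval are hypothetical names and values chosen for illustration; the provider is simulated by a constructed in-memory map.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// ErrUserGone: the provider reports the account deleted or the token revoked.
var ErrUserGone = errors.New("user gone at provider")

// Lookup is a hypothetical wrapper around the provider's "current user" call.
type Lookup func(token string) error

// Session is the local session created after the OAuth2 login.
type Session struct {
	Token       string
	Expires     time.Time // local cookie/session lifetime
	LastChecked time.Time // last successful provider check
}

// Valid enforces local expiry and re-asks the provider once per recheck interval.
func (s *Session) Valid(look Lookup, now time.Time, recheck time.Duration) bool {
	if !now.Before(s.Expires) {
		return false
	}
	if now.Sub(s.LastChecked) < recheck {
		return true
	}
	err := look(s.Token)
	if errors.Is(err, ErrUserGone) {
		s.Expires = now // revoke locally so later requests fail fast
		return false
	}
	if err == nil { // any other error (provider outage) fails open until expiry
		s.LastChecked = now
	}
	return true
}

func main() {
	state := map[string]error{} // constructed provider state: token -> error
	look := func(tok string) error { return state[tok] }
	t0 := time.Date(2017, 3, 1, 9, 0, 0, 0, time.UTC) // constructed timeline
	s := &Session{Token: "tok", Expires: t0.Add(720 * time.Hour), LastChecked: t0}
	state["tok"] = ErrUserGone // account deleted at the provider
	fmt.Println(s.Valid(look, t0.Add(time.Minute), 5*time.Minute))   // inside recheck window
	fmt.Println(s.Valid(look, t0.Add(6*time.Minute), 5*time.Minute)) // provider re-asked
}
```

The recheck interval bounds how long a deleted account keeps access; failing open on provider outages is a design choice here and can be inverted where availability matters less than revocation.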