Mattermost, Inc.

Deleting provider (GitLab) user during Mattermost session

Summary

When using GitLab as the OAuth2 service provider to log in to Mattermost, a user deleted in GitLab is still logged in to Mattermost as long as the auth cookie in the browser is valid.

Steps to reproduce

  1. Set up OAuth authorization from GitLab to Mattermost
  2. Log in to Mattermost
  3. Delete the logged-in user from GitLab
  4. The deleted user stays logged in as long as the cookie is valid, or until he logs out himself

Mattermost: v 3.6.2

The question is: how to handle this? Is there some check from Mattermost to the service provider API to see whether the user still exists? What to do when someone deletes a user's credentials on the provider system during his session in Mattermost?

Thx.
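
The situation described above, as an added example that is not part of the original post and is not Mattermost's code: a cookie-only session check next to one that re-checks the account at the provider on an interval, which bounds how long a session can outlive a deleted account. `Session`, `AccountChecker` and both function names are hypothetical, and the provider lookup is stubbed with an in-memory map (a real one would query the provider's user API).

```go
package main

import (
	"fmt"
	"time"
)

// Session is a local login session created after an OAuth2 sign-in.
type Session struct {
	ProviderUserID string    // account id at the identity provider
	ExpiresAt      time.Time // local cookie/session lifetime
	LastVerified   time.Time // last time the provider confirmed the account
}

// AccountChecker reports whether the account is still active at the provider.
// Hypothetical hook; an assumption of this example.
type AccountChecker func(providerUserID string) (bool, error)

// CookieOnlyValid models the reported behaviour: only local expiry is checked.
func CookieOnlyValid(s *Session, now time.Time) bool {
	return now.Before(s.ExpiresAt)
}

// RecheckedValid also asks the provider once per interval and fails closed,
// so a provider outage logs users out rather than keeping stale sessions.
func RecheckedValid(s *Session, now time.Time, interval time.Duration, check AccountChecker) bool {
	if !now.Before(s.ExpiresAt) {
		return false
	}
	if now.Sub(s.LastVerified) < interval {
		return true // verified recently; stale window is at most interval
	}
	active, err := check(s.ProviderUserID)
	if err != nil || !active {
		s.ExpiresAt = now // revoke locally so later requests fail without a lookup
		return false
	}
	s.LastVerified = now
	return true
}

func main() {
	t0 := time.Date(2017, 1, 1, 9, 0, 0, 0, time.UTC) // constructed sample time
	deleted := map[string]bool{}                      // stub provider state
	check := func(id string) (bool, error) { return !deleted[id], nil }
	s := &Session{ProviderUserID: "42", ExpiresAt: t0.Add(720 * time.Hour), LastVerified: t0}
	deleted["42"] = true // account removed at the provider mid-session
	later := t0.Add(20 * time.Minute)
	fmt.Println("cookie only:", CookieOnlyValid(s, later))
	fmt.Println("with recheck:", RecheckedValid(s, later, 10*time.Minute, check))
}
```

The re-check interval is the trade-off: a shorter interval shrinks the window in which a deleted account keeps access, at the cost of more calls to the provider.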

Hi @Kilmar,

Thanks for your report…

Could we have your help upgrading to the latest version of Mattermost to see if this issue still reproduces?

Thanks!