It is not possible to delete an account if authorization failed before using AuthzModule. For example, when the Keycloak refresh token has expired, the OAuth2AuthzSession account field is not loaded and, as a result, AuthzModule#hasCredentials returns false, which is incorrect because the account is still available in the SQLStore. It is also not possible to remove the account using AuthzModule#deleteAccount, because service is undefined and is null. This can result in a situation where OAuth2AuthzService fetches the account from the SQLStore and tries to refresh a token for it, but we have no control over it (i.e. we cannot just remove it and forget about it).