Auth: guard against user being removed (#6908)

holoviz · Jun 12, 2024 · 08c6a3e · 08c6a3e
1 parent cd8b190
commit 08c6a3e
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/panel/auth.py b/panel/auth.py
@@ -1108,7 +1108,9 @@ def _remove_user(self, session_context):
         state._active_users[user] -= 1
         if not state._active_users[user]:
             del state._active_users[user]
-            if user in state._oauth_user_overrides:
+            # Don't remove the user override when it is set to None or
+            # is missing, as this means it is being refreshed.
+            if state._oauth_user_overrides.get(user) is not None:
                 del state._oauth_user_overrides[user]
 
     def _schedule_refresh(self, expiry_ts, user, refresh_token, application, request):