netbird
Google Idp - User portals not loading - code 401
Describe the problem
User portals not loading, and giving error: Request failed with status code 401. Please refresh the page if the issue continues. token invalid idp = Google

To Reproduce
User (in peers list) present that was removed from Google Workspace.

Are you using NetBird Cloud?
self-host NetBird's control plane.

logs
management-1 | 2024-02-19T14:20:19Z DEBG management/server/account.go:1164: 1201 entries received from IdP management
management-1 | 2024-02-19T14:20:19Z WARN management/server/account.go:1178: user 1142941466876 not found in IDP
management-1 | 2024-02-19T14:20:19Z DEBG management/server/file_store.go:303: released lock for account ci069s8adnmc73c9 in 13.796579304s
management-1 | 2024-02-19T14:20:19Z DEBG management/server/file_store.go:295: acquiring lock for account ci069s8adnmc73c9

Workaround
Once the user was removed from the database, the user portals did open correctly.
Thanks for reporting this issue @Icare-github.
This happens due to the management service cache system assumption that if a user doesn't exist in the local cache, it should force refresh the cache on every request. However, the cache will never be consistent with the local store as the user was removed from IDP.
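The refresh-on-miss behaviour described in the reply above, reduced to a minimal model and set beside one possible mitigation (remembering misses for a short TTL). This is an added example, not NetBird's code or its actual fix; the `IdP` and `Cache` types, the TTL value and the user names are hypothetical.

```go
package main

import "fmt"
import "time"

// IdP is a hypothetical stand-in for the identity provider directory.
type IdP struct {
	users   map[string]bool
	Fetches int // full directory fetches performed
}

func (i *IdP) FetchAll() map[string]bool {
	i.Fetches++
	return i.users
}

// Cache mirrors the IdP. negTTL == 0 forces a refresh on every miss;
// negTTL > 0 remembers a miss for that long before asking the IdP again.
type Cache struct {
	idp     *IdP
	users   map[string]bool
	missing map[string]time.Time // user ID -> when the recorded miss expires
	negTTL  time.Duration
}

func (c *Cache) Lookup(id string, now time.Time) bool {
	// Cached user, or a miss that is still remembered: answer without a refresh.
	if exp, ok := c.missing[id]; c.users[id] || (ok && now.Before(exp)) {
		return c.users[id]
	}
	c.users = c.idp.FetchAll() // forced refresh on cache miss
	if !c.users[id] && c.negTTL > 0 {
		c.missing[id] = now.Add(c.negTTL)
	}
	return c.users[id]
}

// FetchesFor counts refreshes caused by n lookups, one second apart, of a
// user that is still in the local store but was deleted from the IdP.
func FetchesFor(negTTL time.Duration, n int) int {
	idp := &IdP{users: map[string]bool{"alice": true}} // constructed sample
	c := &Cache{idp: idp, users: idp.FetchAll(), missing: map[string]time.Time{}, negTTL: negTTL}
	for i := 0; i < n; i++ {
		c.Lookup("deleted-user", time.Unix(int64(i), 0))
	}
	return idp.Fetches - 1 // exclude the initial warm-up fetch
}

func main() {
	fmt.Println(FetchesFor(0, 100), FetchesFor(time.Minute, 100))
}
```

Without the miss record, every lookup of the deleted user triggers a full directory fetch; with a one-minute TTL the same 100 lookups trigger two.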
Had the same issue with Netbird Self-hosted version 0.27.7. Restarting the management service fixed it (no need to delete any users). I've upgraded now to version 0.27.10 and will see if this happens again.
We faced a similar issue again due to (Netbird) user being deleted in Google while it still exists in Netbird. Note: restarting the management service only does not resolve the issue.
This is critical as it's impacting connectivity to our environments.