When you remove a user from a github team they maintain the permissions of that team until they log out and log in again. The doGetAuthorizationInfo call returns the roles from the authenticated user, but nothing causes that authentication cache to be checked again. Looking here there is a cache check done when getting groups for the user.
I looked around a bit for an easy way to drop this in, but java isn't my forte. I was thinking we could call authz again in the authorization info, to make sure the user is up to date.
When you remove a user from a github team they maintain the permissions of that team until they log out and log in again. The
doGetAuthorizationInfocall returns the roles from the authenticated user, but nothing causes that authentication cache to be checked again. Looking here there is a cache check done when getting groups for the user.I looked around a bit for an easy way to drop this in, but java isn't my forte. I was thinking we could call
authzagain in the authorization info, to make sure the user is up to date.