Description
Area
authentication
Describe the bug
Issue Description:
We encountered an issue in Keycloak 26.1.4 where users cannot immediately reauthenticate after deleting their account when using Google (or another external identity provider). The error message indicates a duplicate key violation in the database.
Version
26.1.4
Regression
- The issue is a regression
Expected behavior
🔍 Expected Behavior:
The user should be able to reauthenticate successfully as if they are logging in for the first time.
Actual behavior
🔄 Steps to Reproduce:
- Configure authentication via Google (or another external provider).
- Navigate to Authentication → Required Actions and enable "Delete Account".
- Go to Realm Settings → User Registration → Default Roles, add the "Delete Account" role.
- Log in with Google, then delete the account through the UI.
- Immediately attempt to log in again with Google.
- The following error occurs:
```
Caused by: org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint "constraint_offl_us_ses_pk2"
Detail: Key (user_session_id, offline_flag)=(4eb36d91-6d49-442f-8fad-9be63896d89b, 0) already exists.
```
How to Reproduce?
🔄 Steps to Reproduce:
- Configure authentication via Google (or another external provider).
- Navigate to Authentication → Required Actions and enable "Delete Account".
- Go to Realm Settings → User Registration → Default Roles, add the "Delete Account" role.
- Log in with Google, then delete the account through the UI.
- Immediately attempt to log in again with Google.
- The following error occurs:
```
Caused by: org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint "constraint_offl_us_ses_pk2"
Detail: Key (user_session_id, offline_flag)=(4eb36d91-6d49-442f-8fad-9be63896d89b, 0) already exists.
```
Anything else?
Keycloak Version: 26.1.4
Database: PostgreSQL
⚠ Important Note:
The issue resolves itself after approximately 5 minutes, allowing the user to log in successfully again. However, the immediate failure creates a poor user experience and may indicate an underlying issue with session or user data cleanup.
❓ Possible Cause:
It seems that after account deletion, some session-related data (e.g., user_session_id) is not fully removed from the database. When the user tries to log in again immediately, Keycloak attempts to reuse an existing session, resulting in a constraint violation in offline_user_session.
We would appreciate any insights or a potential fix for this issue! 🙏
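
Added example, not part of the original report and not Keycloak code: a small SQLite model of the cause suggested above, showing how a session row left behind after account deletion collides on the `(user_session_id, offline_flag)` key at the next login, plus a query that lists such orphaned rows. The simplified schema, the `user_id` column, the helper names and the session id are assumptions made for illustration.

```python
import sqlite3

def build_db():
    """Constructed, simplified stand-in for the two tables involved."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE user_entity (id TEXT PRIMARY KEY);
        CREATE TABLE offline_user_session (
            user_session_id TEXT NOT NULL,
            user_id         TEXT NOT NULL,
            offline_flag    TEXT NOT NULL,
            PRIMARY KEY (user_session_id, offline_flag)  -- models constraint_offl_us_ses_pk2
        );
    """)
    return db

def login(db, user_id, session_id):
    """Create the user if absent, then persist a session row with offline_flag '0'."""
    db.execute("INSERT OR IGNORE INTO user_entity VALUES (?)", (user_id,))
    db.execute("INSERT INTO offline_user_session VALUES (?, ?, '0')", (session_id, user_id))

def delete_account(db, user_id, purge_sessions):
    """Delete the user; purge_sessions=False models the suspected incomplete cleanup."""
    if purge_sessions:
        db.execute("DELETE FROM offline_user_session WHERE user_id = ?", (user_id,))
    db.execute("DELETE FROM user_entity WHERE id = ?", (user_id,))

def orphaned_sessions(db):
    """Session rows whose owning user no longer exists."""
    return db.execute("""
        SELECT s.user_session_id, s.offline_flag
        FROM offline_user_session s
        LEFT JOIN user_entity u ON u.id = s.user_id
        WHERE u.id IS NULL""").fetchall()

def relogin_after_delete(purge_sessions, sid="sess-constructed-1"):
    """Return (orphans found after deletion, outcome of the immediate re-login)."""
    db = build_db()
    login(db, "user-old", sid)
    delete_account(db, "user-old", purge_sessions)
    orphans = orphaned_sessions(db)
    try:
        login(db, "user-new", sid)  # assumption: same session id, fresh user record
        return orphans, "ok"
    except sqlite3.IntegrityError:
        return orphans, "duplicate key"

if __name__ == "__main__":
    print(relogin_after_delete(purge_sessions=False))
    print(relogin_after_delete(purge_sessions=True))
```

The same `LEFT JOIN` shape can be adapted to a PostgreSQL-backed deployment to check whether session rows outlive their deleted user during the roughly five-minute window described in the report.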