From d7adb405a5e06aec6a00cd738f93c9f19142b5f6 Mon Sep 17 00:00:00 2001
From: Maxime Liquet <35924738+maximlt@users.noreply.github.com>
Date: Wed, 12 Jun 2024 09:58:54 +0100
Subject: [PATCH] Auth: guard against user being removed (#6908)

---
 panel/auth.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/panel/auth.py b/panel/auth.py
index 60685de0fb..a68a50c41a 100644
--- a/panel/auth.py
+++ b/panel/auth.py
@@ -1108,7 +1108,9 @@ def _remove_user(self, session_context):
         state._active_users[user] -= 1
         if not state._active_users[user]:
             del state._active_users[user]
-            if user in state._oauth_user_overrides:
+            # Don't remove the user override when it is set to None or
+            # is missing, as this means it is being refreshed.
+            if state._oauth_user_overrides.get(user) is not None:
                 del state._oauth_user_overrides[user]
 
     def _schedule_refresh(self, expiry_ts, user, refresh_token, application, request):