Bug

After deleting an account via /idp/account/delete and re-creating it with the same username, OIDC authorization fails with:

Authentication Error — server_error — oops! something went wrong

This is a recurring issue.

Cause

The error in the logs:

TypeError: Cannot read properties of undefined (reading 'getOIDCScopeEncountered')
    at Check.oidc.oidc (oidc-provider/lib/helpers/interaction_policy/prompts/consent.js:29:50)
    at oidc-provider/lib/actions/authorization/interactions.js:18:17

The flow:

1. User deletes their account — account data and grants are removed
2. User re-creates account with same username
3. Client (e.g. mashlib-next) still has old session cookies/tokens and sends prompt=consent to /idp/auth
4. loadExistingGrant() in provider.js checks ctx.oidc.session which is undefined (stale session)
5. Returns undefined — no grant object
6. oidc-provider's consent check calls getOIDCScopeEncountered() on the undefined grant → TypeError → 500

Possible fixes

1. Clear OIDC session cookies on account deletion — when /idp/account/delete runs, ensure session cookies are invalidated so the browser doesn't send stale tokens
2. Guard in loadExistingGrant — return a new grant (auto-approve) when session exists but old grant is gone, rather than returning undefined
3. Error handler — catch this specific error and redirect to login instead of showing server_error

Steps to reproduce

1. Register an account on a JSS instance
2. Log in via OIDC from a client app
3. Delete the account via /idp/account/delete
4. Re-register with the same username
5. Try to log in again from the same browser → server_error