Open
Description
I'm using Authentik as an identity provider with a remote OAuth2 source. When a user is blocked or deactivated in the remote OAuth2 source, their active session in Authentik remains valid until it expires naturally or is manually revoked. This creates a security risk, as the blocked user can continue accessing applications protected by Authentik until the session ends. I’d like a way to automatically terminate the user’s session in Authentik as soon as they are blocked in the remote source. How can I achieve this with Authentik’s current features, or what would be the recommended approach to implement this functionality?