create_user_access_token permission denied for system admin
Original report: https://github.com/mattermost/mattermost-server/issues/15188
v5.25.0, system admin cannot create any tokens.
Steps to reproduce
Create a bot, but cannot create token for this bot and cannot create a user token either
You have to login with a password or SAML to create access tokens. If you login with i.e. GitLab, Mattermost denies the token requests because it thinks you're an OAuth application: https://github.com/mattermost/mattermost-server/blob/7f64199a37b8ddbe722ba611cd6df4f1baba7fd3/api4/user.go#L2048-L2052. The IsOAuth field is set for sessions created through the OAuth2 Server API and for user sessions created through OpenID Connect login providers like GitLab. This looks like someone tried to prevent OAuth clients from creating access tokens but also made it impossible for admins who login through an OpenID Connect provider to do the same. Looks like this commit introduced the ambiguity. Before that change, IsOAuth was always set to false in DoLogin().
QA Test Steps
Login as a sysadmin using an OpenID Connect login provider such as Gitlab
Navigate to integrations / bot accounts and attempt to create a new token for a bot
Creating new token should succeed.
Tested the issue on the latest 5.26 test instance and the issue is fixed now and is working fine. Closing the ticket.
Tested on the 5.25.3-rc1 test instance and the issue is fixed and is working fine. Will close the ticket once it is also tested on 5.26 test instance.