Outline Wiki and Google's SSO integration

We started using Outline's wiki a couple of years ago. We liked it due to its integration with Google's Single Sign-On (SSO) and Google's documents. In addition, it is quite simple, and we have it running on a Heroku instance of our own. It is a Node.js application (7 USD p/m), a Postgres DB and a Redis cache node (at no cost with the instance). So it is a pretty good deal, and as soon as a user is created in Google they already have access to the wiki. So far upgrades have been smooth, and you can back up your data using Heroku's CLI.

So what happens when a user you created leaves the company and you delete their Google account? You can manage this in Outline by suspending the account, but you cannot delete it. When the same person comes back to your company, you end up creating a new account with the same email, but this doesn't sit well with Outline, as it has a prior association with a different Google account. This would be OK if you could delete the account (in addition to suspending it), but at this time that's not possible. I discussed this with their development team, but for now they see it as a feature enhancement (not a bug), and we decided this blog post might be enough for users that get into the situation we did.

It seemed I had two options to get out of this problem, but it ended up being only one (at least in my case and with my knowledge of the Outline API):

  1. Supposedly you can use their API to delete a user. But I tried it and got into trouble due to my token not having admin privileges (which I couldn't find an easy way to do).
  2. Go into the database and delete the user's data first, and finally the user in question. Next time he logs in, the user will get created again and you avoid the whole issue.

Steps to delete the user and overcome the problem

First you need to be able to access the Postgres CLI. In my case I did it with Heroku's CLI tool: heroku pg:psql --app=<your-app-ID>

Secondly, you need to get the user's ID. There are two options for this: using the API or just running a DB query. As we are already down the DB route, you simply do: SELECT id FROM users WHERE email='<the-email-of-your-user-with-problems>';

And finally you need to run a couple of queries using the userID you got in the last step. They have to be run in the order given here (as the database has proper dependency restrictions that you cannot get around):

DELETE FROM group_users WHERE "userId"='<userID>';
DELETE FROM events WHERE "userId"='<userID>';
DELETE FROM events WHERE "actorId"='<userID>';
DELETE FROM users WHERE id='<userID>';

Just to give you an example, your userID will look something like e69dd388-be62-4ad8-8cd1-fbe9a3c481fa.

Once all of this is done, the user no longer exists and you can simply ask him to log in again. The SSO will work this time.
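
The same deletion wrapped in a transaction, with the ID looked up once and reused, as an added example that is not part of the original post or of Outline's own tooling. It uses only the tables and columns named above; the e-mail address is a constructed placeholder.

```sql
-- Added example: type this into the psql session opened with heroku pg:psql.
-- The e-mail below is a constructed placeholder; replace it with the real one.
\set ON_ERROR_STOP on
\set email 'returning.user@example.com'

-- Resolve the ID once. \gset stores the result column in the psql variable
-- :uid and raises an error if the query returns more than one row.
-- If no row matches, :uid stays unset and every statement below fails
-- with a syntax error instead of deleting anything.
SELECT id AS uid FROM users WHERE email = :'email' \gset

-- Show how many dependent rows are about to be removed.
SELECT
  (SELECT count(*) FROM group_users WHERE "userId" = :'uid') AS group_rows,
  (SELECT count(*) FROM events
    WHERE "userId" = :'uid' OR "actorId" = :'uid')           AS event_rows;

BEGIN;
-- Same order as the post: dependent rows first, the user last.
DELETE FROM group_users WHERE "userId" = :'uid';
DELETE FROM events WHERE "userId" = :'uid';
DELETE FROM events WHERE "actorId" = :'uid';
DELETE FROM users WHERE id = :'uid';
-- If any DELETE failed (for instance a foreign key from a table not
-- listed here), the transaction is in an aborted state and this COMMIT
-- rolls everything back, so the database is never left half-cleaned.
COMMIT;

-- Expect 0: the account is gone and is recreated on the next SSO login.
SELECT count(*) AS remaining FROM users WHERE email = :'email';
```

The rows removed from events cannot be recovered afterwards, so take a backup with Heroku's CLI before running the transaction.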

I hope this can help someone else to save time. Cheers!
