Diffstat (limited to 'api')
-rw-r--r--api/user.go17
1 files changed, 12 insertions, 5 deletions
diff --git a/api/user.go b/api/user.go
index 695ab2208..4240a795e 100644
--- a/api/user.go
+++ b/api/user.go
@@ -466,10 +466,14 @@ func RevokeAllSession(c *Context, userId string) {
for _, session := range sessions {
c.LogAuditWithUserId(userId, "session_id="+session.Id)
- sessionCache.Remove(session.Token)
- if result := <-Srv.Store.Session().Remove(session.Id); result.Err != nil {
- c.Err = result.Err
- return
+ if session.IsOAuth {
+ RevokeAccessToken(session.Token)
+ } else {
+ sessionCache.Remove(session.Token)
+ if result := <-Srv.Store.Session().Remove(session.Id); result.Err != nil {
+ c.Err = result.Err
+ return
+ }
}
}
}
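Review bot: The new OAuth branch calls `RevokeAccessToken(session.Token)` and discards whatever it returns, so a failed revocation is silent, whereas the non-OAuth branch sets `c.Err` and stops. The helper's signature is not visible in this hunk, but if it returns an `*model.AppError`, a revoke-all request can report success while an OAuth access token is still valid. Propagate the failure the same way, e.g. `if err := RevokeAccessToken(session.Token); err != nil { c.Err = err; return }`. It is also worth confirming that the helper evicts the token from `sessionCache` and removes the session row, since this branch no longer does either itself. The body of RevokeAllSession starts outside the hunk.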
@@ -1416,7 +1420,7 @@ func GetAuthorizationCode(c *Context, w http.ResponseWriter, r *http.Request, te
func AuthorizeOAuthUser(service, code, state, redirectUri string) (io.ReadCloser, *model.Team, *model.AppError) {
sso := utils.Cfg.GetSSOService(service)
- if sso != nil && !sso.Enable {
+ if sso == nil || !sso.Enable {
return nil, nil, model.NewAppError("AuthorizeOAuthUser", "Unsupported OAuth service provider", "service="+service)
}
@@ -1458,6 +1462,9 @@ func AuthorizeOAuthUser(service, code, state, redirectUri string) (io.ReadCloser
return nil, nil, model.NewAppError("AuthorizeOAuthUser", "Token request failed", err.Error())
} else {
ar = model.AccessResponseFromJson(resp.Body)
+ if ar == nil {
+ return nil, nil, model.NewAppError("AuthorizeOAuthUser", "Bad response from token request", "")
+ }
}
if strings.ToLower(ar.TokenType) != model.ACCESS_TOKEN_TYPE {
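Review bot: The added `if ar == nil` return exits without closing `resp.Body`, unless a deferred close exists outside this hunk, which would leak the connection to the provider on every malformed token response. Either call `resp.Body.Close()` before the return or place `defer resp.Body.Close()` right after the request's error check. The details argument is an empty string, so an operator cannot tell a provider outage from a misconfigured endpoint. Assuming `resp` is an `*http.Response`, passing `"status="+resp.Status` would help, but the body itself should stay out of the error because it may carry token material. AuthorizeOAuthUser continues past the end of the hunk.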