OAuth prompt may return sites/products that the user doesn't have access to


    • Severity 3 - Minor

      Issue Summary

      In extremely rare cases, when users are performing OAuth grants, the UI might show products that the user does not have access to.
      /accessible-resources may return sites/products that the user doesn't have access to.

      Steps to Reproduce

      The issue has only been observed with one user/site pair and is not readily reproducible, but the following conditions would be true in such a case.

      • the user is invited into a site
      • in admin hub they'll have product access
      • the product they're invited to (i.e. JSW) is deleted from the site
      • in admin hub, it'll show that the user doesn't have any product access
      • the user then performs OAuth authorization

      Expected Results

      Sites where users are invited shouldn't be listed in the OAuth authorization screen.

      Actual Results

      The user is allowed to perform OAuth authorization against such a site because the '/accessible-resources' endpoint returns the site.
      A token is generated, but using the token returns a 403 error.
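      As an added example, not part of this ticket or of any Atlassian client library: a client-side check that, once the token is issued, probes each site advertised by /accessible-resources with one read-only request and hides sites that answer 403, so a stale invite never reaches the user-facing site picker. The probe URL pattern, the sample /accessible-resources response and the fake probe are assumptions constructed for the example.

```python
import json
from typing import Callable, Dict, List

# Assumed probe: a cheap read-only call that needs both the token and the cloud id.
# The URL pattern is an assumption for this example; use whatever the product exposes.
PROBE_URL = "https://api.atlassian.com/ex/jira/{cloud_id}/rest/api/3/myself"

# Constructed stand-in for an /accessible-resources response (ids are not real).
SAMPLE_ACCESSIBLE_RESOURCES = json.dumps([
    {"id": "11111111-0000-4000-8000-000000000001", "name": "team-alpha",
     "url": "https://team-alpha.atlassian.net", "scopes": ["read:jira-work"]},
    {"id": "22222222-0000-4000-8000-000000000002", "name": "stale-invite",
     "url": "https://stale-invite.atlassian.net", "scopes": ["read:jira-work"]},
    {"id": "33333333-0000-4000-8000-000000000003", "name": "flaky",
     "url": "https://flaky.atlassian.net", "scopes": ["read:jira-work"]},
])

def verify_resources(accessible_json: str, token: str,
                     probe: Callable[[str, str], int]) -> Dict[str, List[dict]]:
    """Sort advertised sites into usable / denied / undetermined buckets.

    probe(url, token) returns the HTTP status of one read-only request made with
    the token.  403 is this ticket's symptom (site advertised, grant not honoured),
    so the site is hidden; 5xx and other statuses are transient or unknown and are
    never reported as a denial.  401 means the token itself is bad, so stop.
    """
    buckets: Dict[str, List[dict]] = {"usable": [], "denied": [], "undetermined": []}
    for site in json.loads(accessible_json):
        status = probe(PROBE_URL.format(cloud_id=site["id"]), token)
        if status == 401:
            raise ValueError(f"token refused while probing {site['name']}")
        if 200 <= status < 300:
            buckets["usable"].append(site)
        elif status == 403:
            buckets["denied"].append(site)
        else:
            buckets["undetermined"].append(site)
    return buckets

# Constructed probe standing in for a real HTTPS call: the second site answers 403
# (the ticket's symptom) and the third is temporarily unavailable.
def fake_probe(url: str, token: str) -> int:
    if "22222222" in url:
        return 403
    if "33333333" in url:
        return 503
    return 200

def demo() -> Dict[str, List[dict]]:
    return verify_resources(SAMPLE_ACCESSIBLE_RESOURCES, "constructed-token", fake_probe)
```

      Only the "usable" bucket should be offered to the user; "undetermined" sites can be retried later rather than silently dropped.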

      Workaround

      Currently there is no known workaround for this behaviour. A workaround will be added here when available.

            Assignee:
            Rachel Cavalcanti
            Reporter:
            Nashid Farhad