From 5c940e6be91f42ecf2a6eee3067308714f01f712 Mon Sep 17 00:00:00 2001
From: Erik Sundell <erik.i.sundell@gmail.com>
Date: Mon, 3 Jul 2023 16:05:05 +0200
Subject: [PATCH] Avoid building a big set of allowed_users if allow_all is
 configured

Co-authored-by: Min RK <benjaminrk@gmail.com>
---
 oauthenticator/oauth2.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/oauthenticator/oauth2.py b/oauthenticator/oauth2.py
index 9c56fa90..f79e1465 100644
--- a/oauthenticator/oauth2.py
+++ b/oauthenticator/oauth2.py
@@ -610,7 +610,7 @@ def add_user(self, user):
         """
         if not self.validate_username(user.name):
             raise ValueError("Invalid username: %s" % user.name)
-        if self.allow_existing_users:
+        if not self.allow_all and self.allow_existing_users:
             self.allowed_users.add(user.name)
 
     def login_url(self, base_url):