Thomas Mortagne I understand the intent behind OIDC-185, but the issue we face is that the change it brought has unintended side-effects, because the group synchronization will run even if the group mapping is null (see https://github.com/xwiki-contrib/oidc/blob/8e624ade09a6a10b9e695d16d90762c311504b2a/oidc-authenticator/src/main/java/org/xwiki/contrib/oidc/auth/internal/OIDCUserManager.java#L690)
We can get situation where users can be removed from groups there were in before, simply because an admin upgraded the OIDC authenticator.
