I updated my initial reply with further details on the corruption i notice, and a new ways to detect it and remove it from the oc_authtoken table for all users.
I had this issue for some users and got it “fixed” in my 26.0.0 nextcloud instance. (this is a bug, but you can fix it with some workarounds)
In my situation we use LDAP as the only user backend. But actual logins use SAML SSO.
If a user has ever logged into nextcloud via ldap directly, using either the special direct login url ( https://nextcloud/index.php/login?direct=1 ), or via a direct WebDAV client connection (winscp in my test case), they will then begin to see the error above anytime t…