Switch Login Method from Oauth2 to email via Api

At the moment users login via gitlab oauth2 to login to our mattermost server. But the gitlab server will not be reachable from the mattermost in futere.

So I am trying to switch the login method of all users via the api.

For testing i am trying it with one user. the code looks something like this:

def change_login_method_to_email(users):
    user_id = 'somethingsomething'

    url = f"{get_mattermost_api_url()}/users/login/switch"
    email = 'bla@example.com'
    new_password = 'test.123'

    params = {
        'current_service': 'gitlab',
        'new_service': 'email',
        'email': email,
        'new_password': new_password,

    response = requests.post(url, headers=get_headers(), json=params)


In the documentation says:

To switch from OAuth2/SAML to email, specify current_service, new_service, email and new_password

The output of the script is:

b'{"id":"api.user.oauth_to_email.context.app_error","message":"Update password failed because context user_id did not match provided user\'s id.","detailed_error":"","request_id":"","status_code":403}'

In the get_headers() is the access token of a administrator, which works when I try other endpoints.

In the documentation it says:

No current authentication required except when switching from OAuth2/SAML to email.

So I am trying to do this. But I just don’t know where and how I should authenticate. I tried to create a token for this user and added it to the params as ‘password’: token. nothing changed. Also I created a access token on gitlab, same error. I cannot use gitlab password as MFA is activated for every user.

A workaround would be to change the method in the database and then change the password via the api, but I would rather use the API for all steps.

What am I missing from the documentation?