The previous implementation iterated find_each(&:revoke!) on both the access-token and refresh-token associations. OidcAccessToken#revoke! also cascades to its refresh tokens, so a chain of N access tokens with their refresh tokens produced ~3N UPDATEs (outer loop + cascade + outer refresh loop double-writing) all while holding a pessimistic lock on the auth_code row.

Replace with scoped update_all on each association -- 2 UPDATEs total, no behavior change.

Also hoist the repeated refresh_token_record.oidc_authorization_code lookup in the rotation path to a named local and drop the duplicated inline comment.

Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>