From 65a5bbf422705f4b85b801710d6d4cc45c1294d8 Mon Sep 17 00:00:00 2001
From: Konstantin Wohlwend <n2d4xc@gmail.com>
Date: Tue, 9 Sep 2025 13:54:03 -0700
Subject: [PATCH] Fix race condition when updating multiple refresh tokens at
 the same time

---
 .../[user_id]/[provider_id]/access-token/crud.tsx  | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/apps/backend/src/app/api/latest/connected-accounts/[user_id]/[provider_id]/access-token/crud.tsx b/apps/backend/src/app/api/latest/connected-accounts/[user_id]/[provider_id]/access-token/crud.tsx
index 093a52a0d..b3410dd22 100644
--- a/apps/backend/src/app/api/latest/connected-accounts/[user_id]/[provider_id]/access-token/crud.tsx
+++ b/apps/backend/src/app/api/latest/connected-accounts/[user_id]/[provider_id]/access-token/crud.tsx
@@ -141,18 +141,18 @@ export const connectedAccountAccessTokenCrudHandlers = createLazyProxy(() => cre
         });
 
         if (tokenSet.refreshToken) {
-          // remove the old token, add the new token to the DB
-          await prisma.oAuthToken.deleteMany({
-            where: {
-              refreshToken: token.refreshToken,
-            },
+          // mark the old token as invalid, add the new token to the DB
+          const oldToken = token;
+          await prisma.oAuthToken.update({
+            where: { id: oldToken.id },
+            data: { isValid: false },
           });
           await prisma.oAuthToken.create({
             data: {
               tenancyId: auth.tenancy.id,
               refreshToken: tokenSet.refreshToken,
-              oauthAccountId: token.projectUserOAuthAccount.id,
-              scopes: token.scopes,
+              oauthAccountId: oldToken.projectUserOAuthAccount.id,
+              scopes: oldToken.scopes,
             }
           });
         }