fix(authserver): sync profile defects discovered after PR #125 (#126)

dfcoffin · claude · web-flow · commit a7e66a520ac7 · 2026-05-25T18:40:01.000-04:00
PR #125 patched defects discovered while booting dev-mysql, but two of those patches needed to be propagated to other profiles to prevent the same bugs from biting elsewhere. Audit summarized at #122 Patch 1 — prod profile flyway.target=2.0.0 application-prod.yml uses MySQL vendor migrations, which means a first deploy against a clean prod DB would hit the same V3 schema drift that #125 patched on dev-mysql ("Unknown column 'client_description'"). Added the same target=2.0.0 workaround with a pointer to #123. Will be removed once #123 lands. Patch 2 — H2 V1 UNIQUE on oauth2_registered_client.client_id H2 V1 schema had only PRIMARY KEY (id) on oauth2_registered_client, no unique constraint on client_id. Not blocking H2 boot today (H2's espi_application_info table doesn't declare an FK referencing it), but client_id is unique by OAuth2 semantics and MySQL/PostgreSQL V1 both enforce uniqueness. Added UNIQUE constraint and removed the now-redundant non-unique CREATE INDEX, mirroring the MySQL cleanup from #125. Audited but no change needed - HikariCP auto-commit (patch #6 from #125): dev-postgresql, local, prod, and docker all rely on the HikariCP default (true). The dev-mysql auto-commit: false was an outlier bug, not a shared default. - PostgreSQL V3 INSERT: PostgreSQL V1 already has the columns V3 targets (client_description, contact_*, scope, grant_types, response_types). Different drift pattern from MySQL — no target=2.0.0 workaround needed on dev-postgresql at this time. (V4-V6 drift TBD as part of #123.) Refs: #122 #123 #125 Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
diff --git a/openespi-authserver/src/main/resources/application-prod.yml b/openespi-authserver/src/main/resources/application-prod.yml
@@ -93,6 +93,10 @@ spring:
     schemas: oauth2_authserver
     validate-on-migrate: true
     clean-disabled: true
+    # Skip V3+ pending ESPI 4.0 XSD-aligned schema repair (see issue #123).
+    # V1+V2 provide enough for OAuth2 grant + introspection; V3 onwards is
+    # seed/demo data that references columns missing from MySQL V1.
+    target: "2.0.0"
 
 # Logging Configuration - Production Levels
 logging:
diff --git a/openespi-authserver/src/main/resources/db/vendor/h2/V1_0_0__create_oauth2_schema.sql b/openespi-authserver/src/main/resources/db/vendor/h2/V1_0_0__create_oauth2_schema.sql
@@ -64,7 +64,8 @@ CREATE TABLE oauth2_registered_client (
     scopes varchar(1000) NOT NULL,
     client_settings varchar(2000) NOT NULL,
     token_settings varchar(2000) NOT NULL,
-    PRIMARY KEY (id)
+    PRIMARY KEY (id),
+    CONSTRAINT uk_oauth2_registered_client_client_id UNIQUE (client_id)
 );
 
 -- ESPI Application Information mapping
@@ -105,7 +106,6 @@ CREATE TABLE espi_application_info (
 
 -- Create indexes for performance
 CREATE INDEX idx_oauth2_authorization_client_principal ON oauth2_authorization (registered_client_id, principal_name);
-CREATE INDEX idx_oauth2_registered_client_id ON oauth2_registered_client (client_id);
 CREATE INDEX idx_espi_application_client_id ON espi_application_info (client_id);
 
 -- Insert sample data for local development
