Delete owned PATs & personal sessions when pruning OAuth2 clients

crates/storage-pg/.sqlx/query-2a61003da3655158e6a261d91fdff670f1b4ba3c56605c53e2b905d7ec38c8be.json

@@ -0,0 +1,14 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n                    DELETE FROM personal_access_tokens\n                    WHERE personal_session_id IN (\n                        SELECT personal_session_id\n                        FROM personal_sessions\n                        WHERE owner_oauth2_client_id = $1\n                    )\n                ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Uuid"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "2a61003da3655158e6a261d91fdff670f1b4ba3c56605c53e2b905d7ec38c8be"
+}

crates/storage-pg/.sqlx/query-dca9b361c4409b14498b85f192b0034201575a49e0240ac6715b55ad8d381d0e.json

@@ -0,0 +1,14 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n                    DELETE FROM personal_sessions\n                    WHERE owner_oauth2_client_id = $1\n                ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Uuid"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "dca9b361c4409b14498b85f192b0034201575a49e0240ac6715b55ad8d381d0e"
+}

crates/storage-pg/src/oauth2/client.rs

@@ -811,6 +811,49 @@ impl OAuth2ClientRepository for PgOAuth2ClientRepository<'_> {
             .await?;
         }
 
+        // Delete any personal access tokens & sessions owned
+        // by the client
+        {
+            let span = info_span!(
+                "db.oauth2_client.delete_by_id.personal_access_tokens",
+                { DB_QUERY_TEXT } = tracing::field::Empty,
+            );
+
+            sqlx::query!(
+                r#"
+                    DELETE FROM personal_access_tokens
+                    WHERE personal_session_id IN (
+                        SELECT personal_session_id
+                        FROM personal_sessions
+                        WHERE owner_oauth2_client_id = $1
+                    )
+                "#,
+                Uuid::from(id),
+            )
+            .record(&span)
+            .execute(&mut *self.conn)
+            .instrument(span)
+            .await?;
+        }
+        {
+            let span = info_span!(
+                "db.oauth2_client.delete_by_id.personal_sessions",
+                { DB_QUERY_TEXT } = tracing::field::Empty,
+            );
+
+            sqlx::query!(
+                r#"
+                    DELETE FROM personal_sessions
+                    WHERE owner_oauth2_client_id = $1
+                "#,
+                Uuid::from(id),
+            )
+            .record(&span)
+            .execute(&mut *self.conn)
+            .instrument(span)
+            .await?;
+        }
+
         // Now delete the client itself
         let res = sqlx::query!(
             r#"