diff --git a/crates/storage-pg/migrations/20260109172950_oauth_refresh_token_next_token_set_null.sql b/crates/storage-pg/migrations/20260109172950_oauth_refresh_token_next_token_set_null.sql
new file mode 100644
index 000000000..734329d3a
--- /dev/null
+++ b/crates/storage-pg/migrations/20260109172950_oauth_refresh_token_next_token_set_null.sql
@@ -0,0 +1,15 @@
+-- Copyright 2026 Element Creations Ltd.
+--
+-- SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+-- Please see LICENSE in the repository root for full details.
+
+-- Replace the foreign key constraint on the next refresh token to set the field
+-- to NULL on delete. We re-introduce the constraint as NOT VALID to avoid
+-- locking the table, and a second migration validates the constraint
+ALTER TABLE oauth2_refresh_tokens
+  DROP CONSTRAINT IF EXISTS oauth2_refresh_tokens_next_oauth2_refresh_token_id_fkey,
+  ADD CONSTRAINT oauth2_refresh_tokens_next_oauth2_refresh_token_id_fkey
+    FOREIGN KEY (next_oauth2_refresh_token_id)
+    REFERENCES oauth2_refresh_tokens (oauth2_refresh_token_id)
+    ON DELETE SET NULL
+    NOT VALID;
diff --git a/crates/storage-pg/migrations/20260109172954_oauth_refresh_token_next_token_set_null_validate.sql b/crates/storage-pg/migrations/20260109172954_oauth_refresh_token_next_token_set_null_validate.sql
new file mode 100644
index 000000000..38b98228d
--- /dev/null
+++ b/crates/storage-pg/migrations/20260109172954_oauth_refresh_token_next_token_set_null_validate.sql
@@ -0,0 +1,9 @@
+-- Copyright 2026 Element Creations Ltd.
+--
+-- SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+-- Please see LICENSE in the repository root for full details.
+
+-- Validate the foreign key constraint on the next refresh token introduced in
+-- the previous migration
+ALTER TABLE oauth2_refresh_tokens
+  VALIDATE CONSTRAINT oauth2_refresh_tokens_next_oauth2_refresh_token_id_fkey;