From bc1ca1583366a4b382fcd690bc95c015e36ce9ca Mon Sep 17 00:00:00 2001
From: Quentin Gliech <quenting@element.io>
Date: Thu, 8 Jan 2026 13:18:15 +0100
Subject: [PATCH] Remove leftovers from OAuth 2.0 consent tracking cleanup

---
 ...20260108121127_cleanup_oauth2_consents.sql | 18 +++++++++++++++++
 crates/storage-pg/src/oauth2/client.rs        | 20 -------------------
 2 files changed, 18 insertions(+), 20 deletions(-)
 create mode 100644 crates/storage-pg/migrations/20260108121127_cleanup_oauth2_consents.sql

diff --git a/crates/storage-pg/migrations/20260108121127_cleanup_oauth2_consents.sql b/crates/storage-pg/migrations/20260108121127_cleanup_oauth2_consents.sql
new file mode 100644
index 000000000..ec3ea8085
--- /dev/null
+++ b/crates/storage-pg/migrations/20260108121127_cleanup_oauth2_consents.sql
@@ -0,0 +1,18 @@
+-- Copyright 2026 Element Creations Ltd.
+--
+-- SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+-- Please see LICENSE in the repository root for full details.
+
+-- We've removed the idea of conditional consent (just go through the login if
+-- we already consented in the past) but didn't do the cleanup in
+-- https://github.com/element-hq/matrix-authentication-service/pull/4386
+
+-- In this version we completely stopped writing to this table, so that it's
+-- safe to completely drop in the next version
+TRUNCATE TABLE oauth2_consents;
+
+-- We stopped reading and writing in those columns a long time ago, so it's fine
+-- to drop them now
+ALTER TABLE oauth2_authorization_grants
+  DROP COLUMN max_age,
+  DROP COLUMN requires_consent;
diff --git a/crates/storage-pg/src/oauth2/client.rs b/crates/storage-pg/src/oauth2/client.rs
index 8f7d24224..bdfa60145 100644
--- a/crates/storage-pg/src/oauth2/client.rs
+++ b/crates/storage-pg/src/oauth2/client.rs
@@ -725,26 +725,6 @@ impl OAuth2ClientRepository for PgOAuth2ClientRepository<'_> {
             .await?;
         }
 
-        // Delete the user consents
-        {
-            let span = info_span!(
-                "db.oauth2_client.delete_by_id.consents",
-                { DB_QUERY_TEXT } = tracing::field::Empty,
-            );
-
-            sqlx::query!(
-                r#"
-                    DELETE FROM oauth2_consents
-                    WHERE oauth2_client_id = $1
-                "#,
-                Uuid::from(id),
-            )
-            .record(&span)
-            .execute(&mut *self.conn)
-            .instrument(span)
-            .await?;
-        }
-
         // Delete the OAuth 2 sessions related data
         {
             let span = info_span!(