OAuth access_token and refresh_token columns too short for long RS256 tokens (VARCHAR(1024)) #20

@Sohail342

Describe the bug

When using OAuth2 providers such as Authentik with RS256-signed access tokens, the access_token (and sometimes refresh_token) exceeds 1024 characters. This results in a StringDataRightTruncation error in PostgreSQL:

sqlalchemy.exc.DataError: (psycopg.errors.StringDataRightTruncation) value too long for type character varying(1024)

To Reproduce

Steps to reproduce the behavior:

  1. Set up FastAPI Users with SQLAlchemyBaseOAuthAccountTableUUID on PostgreSQL.
  2. Configure OAuth with an identity provider like Authentik using RS256.
  3. Log in using the provider — an access token >1024 characters is issued.
  4. Observe the login failure due to StringDataRightTruncation.

Expected behavior

The access_token and refresh_token columns should support longer token strings (e.g., up to 4096 characters) to avoid truncation errors and ensure successful login.

Configuration

  • Python version: 3.13
  • FastAPI version: 0.115.12
  • FastAPI Users version: 14.0.1

FastAPI Users configuration

from fastapi_users.db import SQLAlchemyBaseOAuthAccountTableUUID
from sqlalchemy.orm import Mapped, mapped_column
from sqlalchemy import String
from typing import Optional
from my_app.database import Base

class OAuthAccount(SQLAlchemyBaseOAuthAccountTableUUID, Base):
    access_token: Mapped[str] = mapped_column(String(length=4096), nullable=False)
    refresh_token: Mapped[Optional[str]] = mapped_column(String(length=4096), nullable=True)

Additional context

This was originally reported via maxdorninger/MediaManager#35.
Changing the token length to 4096 resolves the issue.
I'm happy to submit a PR to fix this.
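
The size arithmetic behind the truncation error, as an added example that is not part of the original issue or of FastAPI Users. The claims, key id and function names are constructed for illustration, and zero bytes stand in for the signature because only its length matters here.

```python
import base64
import json

def b64url(data: bytes) -> str:
    """Base64url without padding, as used for each JWS compact segment."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def constructed_rs256_token(claims: dict, rsa_bits: int = 2048) -> str:
    """Build a string with the shape of an RS256 JWT (not a valid signature).

    An RS256 signature is as long as the RSA modulus, so zero bytes of that
    length are used as a placeholder.
    """
    header = {"alg": "RS256", "typ": "JWT", "kid": "constructed-key-id"}
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode()
    signature = bytes(rsa_bits // 8)
    parts = (compact(header), compact(claims), signature)
    return ".".join(b64url(p) for p in parts)

def column_report(token: str, column_length: int) -> dict:
    """Segment lengths and whether the token fits VARCHAR(column_length)."""
    header, payload, signature = token.split(".")
    return {
        "header": len(header),
        "payload": len(payload),
        "signature": len(signature),
        "total": len(token),
        # A JWT is pure ASCII, so characters and bytes are the same count.
        "fits": len(token) <= column_length,
    }

# Constructed claims: a user who belongs to 30 groups.
SAMPLE_CLAIMS = {
    "iss": "https://idp.example.test/",
    "sub": "constructed-subject",
    "aud": "constructed-client-id",
    "email": "user@example.test",
    "groups": [f"team-{i:02d}-media-admins" for i in range(30)],
}

if __name__ == "__main__":
    token = constructed_rs256_token(SAMPLE_CLAIMS, rsa_bits=2048)
    for limit in (1024, 4096):
        print(limit, column_report(token, limit))
```

The signature segment has a fixed size set by the key, so the payload claims decide whether a given token crosses the column limit.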
