fix: synchronize ConsentDao.create() to prevent random failures

jogu · jogu · commit ebe1fe4c7e21 · 2026-02-23T14:02:45.000Z
ConsentDao.create() was the only method not marked synchronized,
while read(), update(), and delete() all were. This allowed
concurrent unsynchronized puts into the backing LinkedHashMap,
corrupting its internal structure and causing recently created
consents to silently become unreachable.

This hopefully fixes instances where OIDF certification team saw
this error after a while:

{ "error":"invalid_request",
"error_description":"There is no consent corresponding to the consent ID 'urn:example:966a3535-dee0-4d3e-aff2-a8085653e8a1'." }

which could be resolved by restarting java-oauth-server.
diff --git a/src/main/java/com/authlete/jaxrs/server/obb/database/ConsentDao.java b/src/main/java/com/authlete/jaxrs/server/obb/database/ConsentDao.java
@@ -58,7 +58,7 @@ private String generateConsentId()
     }
 
 
-    public Consent create(CreateConsent createConsent, long clientId)
+    public synchronized Consent create(CreateConsent createConsent, long clientId)
     {
         CreateConsentData data = createConsent.getData();
         String consentId = generateConsentId();

Original file line number	Diff line number	Diff line change
`@@ -58,7 +58,7 @@ private String generateConsentId()`
`58`	`58`	`}`
`59`	`59`
`60`	`60`
`61`		`- public Consent create(CreateConsent createConsent, long clientId)`
	`61`	`+ public synchronized Consent create(CreateConsent createConsent, long clientId)`
`62`	`62`	`{`
`63`	`63`	`CreateConsentData data = createConsent.getData();`
`64`	`64`	`String consentId = generateConsentId();`