Github user IsurangaPerera commented on a diff in the pull request: https://github.com/apache/syncope/pull/70#discussion_r181094994 --- Diff: core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java --- @@ -135,11 +135,7 @@ accessToken.setAuthorities(authorities); } - accessTokenDAO.save(accessToken); - } - - if (replaceExisting && existing != null) { - accessTokenDAO.delete(existing); + accessTokenDAO.merge(accessToken); --- End diff -- exactly. this is to assure that there can be only one access token associated with a particular user at an any given time and also a workaround to overcome thread not safe problem without affecting the performance(without using serialized isolation)
---