fix: changinf jti + comma handling
tamassoltesz committed Oct 28, 2024
1 parent e21f4bb commit c98c447
Showing 2 changed files with 8 additions and 8 deletions.
4 changes: 2 additions & 2 deletions src/main/java/io/supertokens/storage/postgresql/Start.java
@@ -3287,11 +3287,11 @@ public void deleteOAuthLogoutChallengesBefore(long time) throws StorageQueryExce
@Override
public void createOrUpdateOAuthSession(AppIdentifier appIdentifier, String gid, String clientId,
String externalRefreshToken, String internalRefreshToken,
String sessionHandle, List<String> jtis, long exp)
String sessionHandle, String jti, long exp)
throws StorageQueryException, OAuthClientNotFoundException {
try {
OAuthQueries.createOrUpdateOAuthSession(this, appIdentifier, gid, clientId, externalRefreshToken,
internalRefreshToken, sessionHandle, jtis, exp);
internalRefreshToken, sessionHandle, jti, exp);
} catch (SQLException e) {
ServerErrorMessage errorMessage = ((PSQLException) e).getServerErrorMessage();
PostgreSQLConfig config = Config.getConfig(this);
@@ -163,29 +163,29 @@ public static OAuthClient getOAuthClientById(Start start, String clientId, AppId

public static void createOrUpdateOAuthSession(Start start, AppIdentifier appIdentifier, @NotNull String gid, @NotNull String clientId,
String externalRefreshToken, String internalRefreshToken, String sessionHandle,
List<String> jtis, long exp)
String jti, long exp)
throws SQLException, StorageQueryException {
String sessionTable = Config.getConfig(start).getOAuthSessionsTable();
String QUERY = "INSERT INTO " + sessionTable +
" (gid, client_id, app_id, external_refresh_token, internal_refresh_token, session_handle, jti, exp) VALUES (?, ?, ?, ?, ?, ?, ?, ?) " +
"ON CONFLICT (gid) DO UPDATE SET external_refresh_token = ?, internal_refresh_token = ?, " +
"session_handle = ? , jti = CONCAT("+sessionTable+".jti, ',' , ?), exp = ?";
"session_handle = ? , jti = CONCAT("+sessionTable+".jti, ?), exp = ?";
update(start, QUERY, pst -> {
String jtiDbValue = jtis == null ? null : String.join(",", jtis);
String jtiToInsert = jti + ",";

pst.setString(1, gid);
pst.setString(2, clientId);
pst.setString(3, appIdentifier.getAppId());
pst.setString(4, externalRefreshToken);
pst.setString(5, internalRefreshToken);
pst.setString(6, sessionHandle);
pst.setString(7, jtiDbValue);
pst.setString(7, jtiToInsert); //the starting list element also has to have a "," at the end as the remove removes "jti + ,"
pst.setLong(8, exp);

pst.setString(9, externalRefreshToken);
pst.setString(10, internalRefreshToken);
pst.setString(11, sessionHandle);
pst.setString(12, jtiDbValue);
pst.setString(12, jtiToInsert);
pst.setLong(13, exp);
});
}
@@ -283,7 +283,7 @@ public static boolean deleteJTIFromOAuthSession(Start start, AppIdentifier appId
+ " SET jti = REPLACE(jti, ?, '')" // deletion means replacing the jti with empty char
+ " WHERE app_id = ? and gid = ?";
int numberOfRows = update(start, DELETE, pst -> {
pst.setString(1, jti);
pst.setString(1, jti + ","); //removing with the "," to not leave behind trash
pst.setString(2, appIdentifier.getAppId());
pst.setString(3, gid);
});
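Review bot: `REPLACE(jti, ?, '')` in deleteJTIFromOAuthSession still matches by substring, so binding `jti + ","` also removes the tail of any longer stored id that ends with the same characters (`xabc,` contains `abc,`) and can corrupt a different token's entry in the session list. Unless JTIs are guaranteed to be fixed-length, delimit both sides (store `,a,b,` and replace `"," + jti + ","` with `","`) or keep the ids in a `text[]` column or child table. In createOrUpdateOAuthSession, `String jtiToInsert = jti + ",";` turns a null `jti` into the literal `null,`, where the removed line passed SQL NULL; mark the parameter `@NotNull` like `gid` and `clientId`, or call `Objects.requireNonNull(jti, "jti");` first. Rows written by the previous code presumably hold `a,b` with no trailing comma, so the new `CONCAT(...jti, ?)` would fuse the last old id with the first new one unless existing rows are migrated. The body of deleteJTIFromOAuthSession starts and ends outside the hunk, so what it returns when nothing matched is not visible here.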