Question about data persistence in Dataverse

Skip to first unread message

Frédéric Maguin

Mar 22, 2021, 10:24:50 AM3/22/21
to Dataverse Dev
 Hello Dataverse developpers,

 I have a "small" question regarding data persistence in Dataverse.

 Some context first. For one of our project, we are using Dataverse 5.3 with ORCID authentication. During our tests, we came across the issue
Not a big problem technically. When a user is deleted, the token created in the table oauth2tokendata is not deleted before, raising an error on the constraint fk_oauth2tokendata_user_id.
We could live with it but, planning to go into production, we would prefer to delete users right from the API in case we would have to.

 In order to fix it, I've started my journey in the source code of Dataverse and the pointers related to development for the project.
I managed to write a first fix, successfully working in our test environment but I still have a question before proposing the solution.
The fix would be in where entries related to a user in other tables like userbannermessage and fileaccessrequests are deleted.
This method is called from where the exception is actually raised.
The methods in removeAuthentictedUserItems() called to delete the entries are using SQL queries (eg. deletePendingAccessRequests()). But I noticed the exception raised is coming from EclipseLink. And the ORM is used in, the service called from the API.  I also notice a CRUD class OAuth2TokenDataServiceBean is available for mapping this table but does not implement a delete method.

 So, finally :), should I rather being using the ORM for persistence in that case or is it ok to follow what has been done in removeAuthentictedUserItems() with SQL queries ?

 Thank you for your feedback.

Philip Durbin

Mar 22, 2021, 10:44:56 AM3/22/21
Hi Frédéric,

First, thanks for jumping into the code! That issue #4356 should be fixed by (currently in review) and I just linked them together so that merging the pull request will close the issue. At first I used a native query to remove the OAuth data but then switched to a cascade (all in the same pull request). You can see the change from one to the other here:

I hope this helps. If there are other issues you're thinking about working on, please let us know and we'll be happy to guide you.



You received this message because you are subscribed to the Google Groups "Dataverse Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To view this discussion on the web visit


Frédéric Maguin

Mar 22, 2021, 11:09:00 AM3/22/21
to Dataverse Dev
Hello Phil,

Thank you for the super fast answer and for the pointer to the pull request. Will have a look at it in order to see more how Dataverse works.
Sure, I will follow the group as we are more and more using Dataverse on our side.

Reply all
Reply to author
0 new messages