From 22cbb13f7de398643b69fe2191cee947f8d86cea Mon Sep 17 00:00:00 2001
From: Joe Grandja <10884212+jgrandja@users.noreply.github.com>
Date: Mon, 20 Oct 2025 07:12:50 -0400
Subject: [PATCH] Add comments to SQL-scripts to ensure robust timezone
 handling

Issue https://github.com/spring-projects/spring-authorization-server/pull/2217
---
 .../client/oauth2-registered-client-schema.sql            | 8 ++++++++
 .../server/authorization/oauth2-authorization-schema.sql  | 8 ++++++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/oauth2/oauth2-authorization-server/src/main/resources/org/springframework/security/oauth2/server/authorization/client/oauth2-registered-client-schema.sql b/oauth2/oauth2-authorization-server/src/main/resources/org/springframework/security/oauth2/server/authorization/client/oauth2-registered-client-schema.sql
index a11ff75c88..ff7f1d682e 100644
--- a/oauth2/oauth2-authorization-server/src/main/resources/org/springframework/security/oauth2/server/authorization/client/oauth2-registered-client-schema.sql
+++ b/oauth2/oauth2-authorization-server/src/main/resources/org/springframework/security/oauth2/server/authorization/client/oauth2-registered-client-schema.sql
@@ -1,3 +1,11 @@
+/*
+IMPORTANT:
+    If using PostgreSQL:
+        - update ALL columns defined with 'timestamp' to 'timestamptz', to ensure that time instants are stored accurately.
+    If using MySQL:
+        - add 'preserveInstants=true&connectionTimeZone=UTC&forceConnectionTimeZoneToSession=true' to JDBC connection URL
+          to ensure that time instants are stored accurately. See https://dev.mysql.com/doc/connector-j/en/connector-j-time-instants.html
+*/
 CREATE TABLE oauth2_registered_client (
     id varchar(100) NOT NULL,
     client_id varchar(100) NOT NULL,
diff --git a/oauth2/oauth2-authorization-server/src/main/resources/org/springframework/security/oauth2/server/authorization/oauth2-authorization-schema.sql b/oauth2/oauth2-authorization-server/src/main/resources/org/springframework/security/oauth2/server/authorization/oauth2-authorization-schema.sql
index 1528032cfc..f93972822e 100644
--- a/oauth2/oauth2-authorization-server/src/main/resources/org/springframework/security/oauth2/server/authorization/oauth2-authorization-schema.sql
+++ b/oauth2/oauth2-authorization-server/src/main/resources/org/springframework/security/oauth2/server/authorization/oauth2-authorization-schema.sql
@@ -1,7 +1,11 @@
 /*
 IMPORTANT:
-    If using PostgreSQL, update ALL columns defined with 'blob' to 'text',
-    as PostgreSQL does not support the 'blob' data type.
+    If using PostgreSQL:
+        - update ALL columns defined with 'blob' to 'text', as PostgreSQL does not support the 'blob' data type.
+        - update ALL columns defined with 'timestamp' to 'timestamptz', to ensure that time instants are stored accurately.
+    If using MySQL:
+        - add 'preserveInstants=true&connectionTimeZone=UTC&forceConnectionTimeZoneToSession=true' to JDBC connection URL
+          to ensure that time instants are stored accurately. See https://dev.mysql.com/doc/connector-j/en/connector-j-time-instants.html
 */
 CREATE TABLE oauth2_authorization (
     id varchar(100) NOT NULL,