OAuth access_token and refresh_token columns too short for long RS256 tokens (VARCHAR(1024)) #20

@Sohail342

Describe the bug

When using OAuth2 providers such as Authentik with RS256-signed access tokens, the access_token (and sometimes refresh_token) exceeds 1024 characters. This results in a StringDataRightTruncation error in PostgreSQL:

sqlalchemy.exc.DataError: (psycopg.errors.StringDataRightTruncation) value too long for type character varying(1024)

To Reproduce

Steps to reproduce the behavior:

  1. Set up FastAPI Users with SQLAlchemyBaseOAuthAccountTableUUID on PostgreSQL.
  2. Configure OAuth with an identity provider like Authentik using RS256.
  3. Log in using the provider — an access token >1024 characters is issued.
  4. Observe the login failure due to StringDataRightTruncation.

Expected behavior

The access_token and refresh_token columns should support longer token strings (e.g., up to 4096 characters) to avoid truncation errors and ensure successful login.

Configuration

  • Python version : 3.13
  • FastAPI version : 0.115.12
  • FastAPI Users version : 14.0.1

FastAPI Users configuration

from fastapi_users.db import SQLAlchemyBaseOAuthAccountTableUUID
from sqlalchemy.orm import Mapped, mapped_column
from sqlalchemy import String
from typing import Optional
from my_app.database import Base

class OAuthAccount(SQLAlchemyBaseOAuthAccountTableUUID, Base):
    access_token: Mapped[str] = mapped_column(String(length=4096), nullable=False)
    refresh_token: Mapped[Optional[str]] = mapped_column(String(length=4096), nullable=True)

Additional context

This was originally reported via maxdorninger/MediaManager#35.
Changing the token length to 4096 resolves the issue.
I'm happy to submit a PR to fix this.
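
The size problem reported above, as an added example that is not part of the original issue or of FastAPI Users: an RS256 signature is always as long as the RSA modulus, so the signature segment alone is 342 base64url characters for a 2048-bit key and 683 for a 4096-bit key, before any claims are counted. The helper names (`rs256_token_shape`, `columns_too_short`) and the claim set are constructed for illustration, and the signature bytes are zero-filled placeholders of the correct length, not a valid signature.

```python
import base64
import json

def b64url(data: bytes) -> str:
    """Base64url without padding, as used by JWS compact serialization."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def rs256_token_shape(payload: dict, rsa_bits: int, kid: str = "constructed-key-id") -> str:
    """Build a string with the exact length of an RS256 JWT for this payload.

    The third segment is zero bytes of the right size (hypothetical stand-in):
    an RSA signature occupies rsa_bits / 8 bytes regardless of the payload.
    """
    header = {"alg": "RS256", "typ": "JWT", "kid": kid}
    segments = [
        b64url(json.dumps(header, separators=(",", ":")).encode()),
        b64url(json.dumps(payload, separators=(",", ":")).encode()),
        b64url(bytes(rsa_bits // 8)),
    ]
    return ".".join(segments)

def columns_too_short(tokens: dict, limits: dict) -> list:
    """Return the token fields that would not fit their VARCHAR limit."""
    return [name for name, tok in tokens.items()
            if tok is not None and len(tok) > limits[name]]

# Constructed claims; a real provider's claim set will differ.
SAMPLE_PAYLOAD = {
    "iss": "https://idp.example.test/application/o/app/",
    "sub": "a" * 64,
    "aud": "client-id-placeholder",
    "exp": 1700003600, "iat": 1700000000,
    "email": "user@example.test",
    "groups": [f"group-{i:02d}" for i in range(30)],
    "scope": "openid email profile",
}

if __name__ == "__main__":
    for bits in (2048, 4096):
        tok = rs256_token_shape(SAMPLE_PAYLOAD, bits)
        sig_len = len(tok.rsplit(".", 1)[1])
        for limit in (1024, 4096):
            short = columns_too_short({"access_token": tok}, {"access_token": limit})
            print(f"{bits}-bit key, {len(tok)} chars (signature {sig_len}), "
                  f"VARCHAR({limit}): {'too long' if short else 'fits'}")
```

Token length grows with the claim set, so a fixed limit such as 4096 can still be exceeded by a provider that embeds many group or role claims.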
