diff --git a/crates/storage/migrations/20221018142001_init.up.sql b/crates/storage/migrations/20221018142001_init.up.sql
index 979f1bec..9c91adec 100644
--- a/crates/storage/migrations/20221018142001_init.up.sql
+++ b/crates/storage/migrations/20221018142001_init.up.sql
@@ -300,9 +300,10 @@ CREATE TABLE "oauth2_refresh_tokens" (
     CONSTRAINT "oauth2_access_tokens_oauth2_session_id_fkey"
     REFERENCES "oauth2_sessions" ("oauth2_session_id"),
 
-  "oauth2_access_token_id" UUID NOT NULL
+  "oauth2_access_token_id" UUID
     CONSTRAINT "oauth2_refresh_tokens_oauth2_access_token_id_fkey"
-    REFERENCES "oauth2_access_tokens" ("oauth2_access_token_id"),
+    REFERENCES "oauth2_access_tokens" ("oauth2_access_token_id")
+    ON DELETE SET NULL,
 
   "refresh_token" TEXT NOT NULL
     CONSTRAINT "oauth2_refresh_tokens_unique"
diff --git a/crates/storage/src/oauth2/client.rs b/crates/storage/src/oauth2/client.rs
index b22db555..33c00b63 100644
--- a/crates/storage/src/oauth2/client.rs
+++ b/crates/storage/src/oauth2/client.rs
@@ -225,9 +225,10 @@ impl TryInto<Client<PostgresqlBackend>> for OAuth2ClientLookup {
             _ => return Err(ClientFetchError::BothJwksAndJwksUri),
         };
 
+        let id = Ulid::from(self.oauth2_client_id);
         Ok(Client {
-            data: self.oauth2_client_id.into(),
-            client_id: self.oauth2_client_id.to_string(),
+            data: id,
+            client_id: id.to_string(),
             encrypted_client_secret: self.encrypted_client_secret,
             redirect_uris,
             response_types,