chore: Bump ent to 0.11.2 (#2640)

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2022-08-29 11:16:12 +04:00 · 2022-08-29 11:16:12 +04:00 · 7efe1e28a8
parent c5833e6b6f
commit 7efe1e28a8
88 changed files with 982 additions and 5380 deletions
--- a/go.mod
+++ b/go.mod
@ -3,7 +3,7 @@ module github.com/dexidp/dex
 go 1.18

 require (
-	entgo.io/ent v0.10.1
+	entgo.io/ent v0.11.2
 	github.com/AppsFlyer/go-sundheit v0.5.0
 	github.com/Masterminds/semver v1.5.0
 	github.com/Masterminds/sprig/v3 v3.2.2
@ -18,7 +18,7 @@ require (
 	github.com/gorilla/mux v1.8.0
 	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
 	github.com/kylelemons/godebug v1.1.0
-	github.com/lib/pq v1.10.4
+	github.com/lib/pq v1.10.5
 	github.com/mattermost/xml-roundtrip-validator v0.1.0
 	github.com/mattn/go-sqlite3 v1.14.15
 	github.com/oklog/run v1.1.0
@ -40,7 +40,7 @@ require (
 )

 require (
-	ariga.io/atlas v0.3.7-0.20220303204946-787354f533c3 // indirect
+	ariga.io/atlas v0.5.1-0.20220717122844-8593d7eb1a8e // indirect
 	cloud.google.com/go/compute v1.7.0 // indirect
 	github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
@ -83,8 +83,8 @@ require (
 	go.uber.org/atomic v1.7.0 // indirect
 	go.uber.org/multierr v1.6.0 // indirect
 	go.uber.org/zap v1.17.0 // indirect
-	golang.org/x/mod v0.5.1 // indirect
-	golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 // indirect
+	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
+	golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect
 	golang.org/x/text v0.3.7 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20220624142145-8cd45d7dbd1f // indirect
--- a/go.sum
+++ b/go.sum
@ -1,5 +1,5 @@
-ariga.io/atlas v0.3.7-0.20220303204946-787354f533c3 h1:fjG4oFCQEfGrRi0QoxWcH2OO28CE6VYa6DkIr3yDySU=
-ariga.io/atlas v0.3.7-0.20220303204946-787354f533c3/go.mod h1:yWGf4VPiD4SW83+kAqzD624txN9VKoJC+bpVXr2pKJA=
+ariga.io/atlas v0.5.1-0.20220717122844-8593d7eb1a8e h1:/r1xGMwmLg4LZ2V3/wWui9TtM3+STh1fp5ExSVRNFZo=
+ariga.io/atlas v0.5.1-0.20220717122844-8593d7eb1a8e/go.mod h1:ofVetkJqlaWle3mvYmaS2uyFGFcc7dSq436tmxa/Mzk=
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
@ -57,8 +57,8 @@ cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RX
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-entgo.io/ent v0.10.1 h1:dM5h4Zk6yHGIgw4dCqVzGw3nWgpGYJiV4/kyHEF6PFo=
-entgo.io/ent v0.10.1/go.mod h1:YPgxeLnoQ/YdpVORRtqjBF+wCy9NX9IR7veTv3Bffus=
+entgo.io/ent v0.11.2 h1:UM2/BUhF2FfsxPHRxLjQbhqJNaDdVlOwNIAMLs2jyto=
+entgo.io/ent v0.11.2/go.mod h1:YGHEQnmmIUgtD5b1ICD5vg74dS3npkNnmC5K+0J+IHU=
 github.com/AppsFlyer/go-sundheit v0.5.0 h1:/VxpyigCfJrq1r97mn9HPiAB2qrhcTFHwNIIDr15CZM=
 github.com/AppsFlyer/go-sundheit v0.5.0/go.mod h1:2ZM0BnfqT/mljBQO224VbL5XH06TgWuQ6Cn+cTtCpTY=
 github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e h1:NeAW1fUYUEWhft7pkxDf6WoUvEZJ/uOKsvtpjLnn8MU=
@ -300,10 +300,11 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
-github.com/lib/pq v1.10.4 h1:SO9z7FRPzA03QhHKJrH5BXA6HU1rS4V2nIVrrNC1iYk=
-github.com/lib/pq v1.10.4/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/lib/pq v1.10.5 h1:J+gdV2cUmX7ZqL2B0lFcW0m+egaHC2V3lpO8nWxyYiQ=
+github.com/lib/pq v1.10.5/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/mattermost/xml-roundtrip-validator v0.1.0 h1:RXbVD2UAl7A7nOTR4u7E3ILa4IbtvKBHw64LDsmu9hU=
 github.com/mattermost/xml-roundtrip-validator v0.1.0/go.mod h1:qccnGMcpgwcNaBnxqpJpWWUiPNr5H3O8eDgGV9gT5To=
+github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0=
 github.com/mattn/go-sqlite3 v1.14.15 h1:vfoHhTN1af61xCRSWzFIWzx2YskyMTwHLrExkBOjvxI=
 github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
 github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
@ -323,6 +324,7 @@ github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRW
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
 github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
+github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@ -475,8 +477,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.5.1 h1:OJxoQ/rynoF0dcCdI7cLPktw/hR2cueqYfjm43oqK38=
-golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -630,8 +632,9 @@ golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220624220833-87e55d714810/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@ -700,6 +703,7 @@ golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.13-0.20220804200503-81c7dc4e4efa h1:uKcci2q7Qtp6nMTC/AAvfNUAldFtJuHWV9/5QWiypts=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
--- a/storage/ent/db/authcode.go
+++ b/storage/ent/db/authcode.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -192,11 +192,11 @@ func (ac *AuthCode) Update() *AuthCodeUpdateOne {
 // Unwrap unwraps the AuthCode entity that was returned from a transaction after it was closed,
 // so that all future queries will be executed through the driver which created the transaction.
 func (ac *AuthCode) Unwrap() *AuthCode {
-	tx, ok := ac.config.driver.(*txDriver)
+	_tx, ok := ac.config.driver.(*txDriver)
 	if !ok {
 		panic("db: AuthCode is not a transactional entity")
 	}
-	ac.config.driver = tx.drv
+	ac.config.driver = _tx.drv
 	return ac
 }

@ -204,38 +204,52 @@ func (ac *AuthCode) Unwrap() *AuthCode {
 func (ac *AuthCode) String() string {
 	var builder strings.Builder
 	builder.WriteString("AuthCode(")
-	builder.WriteString(fmt.Sprintf("id=%v", ac.ID))
-	builder.WriteString(", client_id=")
+	builder.WriteString(fmt.Sprintf("id=%v, ", ac.ID))
+	builder.WriteString("client_id=")
 	builder.WriteString(ac.ClientID)
-	builder.WriteString(", scopes=")
+	builder.WriteString(", ")
+	builder.WriteString("scopes=")
 	builder.WriteString(fmt.Sprintf("%v", ac.Scopes))
-	builder.WriteString(", nonce=")
+	builder.WriteString(", ")
+	builder.WriteString("nonce=")
 	builder.WriteString(ac.Nonce)
-	builder.WriteString(", redirect_uri=")
+	builder.WriteString(", ")
+	builder.WriteString("redirect_uri=")
 	builder.WriteString(ac.RedirectURI)
-	builder.WriteString(", claims_user_id=")
+	builder.WriteString(", ")
+	builder.WriteString("claims_user_id=")
 	builder.WriteString(ac.ClaimsUserID)
-	builder.WriteString(", claims_username=")
+	builder.WriteString(", ")
+	builder.WriteString("claims_username=")
 	builder.WriteString(ac.ClaimsUsername)
-	builder.WriteString(", claims_email=")
+	builder.WriteString(", ")
+	builder.WriteString("claims_email=")
 	builder.WriteString(ac.ClaimsEmail)
-	builder.WriteString(", claims_email_verified=")
+	builder.WriteString(", ")
+	builder.WriteString("claims_email_verified=")
 	builder.WriteString(fmt.Sprintf("%v", ac.ClaimsEmailVerified))
-	builder.WriteString(", claims_groups=")
+	builder.WriteString(", ")
+	builder.WriteString("claims_groups=")
 	builder.WriteString(fmt.Sprintf("%v", ac.ClaimsGroups))
-	builder.WriteString(", claims_preferred_username=")
+	builder.WriteString(", ")
+	builder.WriteString("claims_preferred_username=")
 	builder.WriteString(ac.ClaimsPreferredUsername)
-	builder.WriteString(", connector_id=")
+	builder.WriteString(", ")
+	builder.WriteString("connector_id=")
 	builder.WriteString(ac.ConnectorID)
+	builder.WriteString(", ")
 	if v := ac.ConnectorData; v != nil {
-		builder.WriteString(", connector_data=")
+		builder.WriteString("connector_data=")
 		builder.WriteString(fmt.Sprintf("%v", *v))
 	}
-	builder.WriteString(", expiry=")
+	builder.WriteString(", ")
+	builder.WriteString("expiry=")
 	builder.WriteString(ac.Expiry.Format(time.ANSIC))
-	builder.WriteString(", code_challenge=")
+	builder.WriteString(", ")
+	builder.WriteString("code_challenge=")
 	builder.WriteString(ac.CodeChallenge)
-	builder.WriteString(", code_challenge_method=")
+	builder.WriteString(", ")
+	builder.WriteString("code_challenge_method=")
 	builder.WriteString(ac.CodeChallengeMethod)
 	builder.WriteByte(')')
 	return builder.String()
--- a/storage/ent/db/authcode/authcode.go
+++ b/storage/ent/db/authcode/authcode.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package authcode

--- a/storage/ent/db/authcode/where.go
+++ b/storage/ent/db/authcode/where.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package authcode

@ -33,12 +33,6 @@ func IDNEQ(id string) predicate.AuthCode {
 // IDIn applies the In predicate on the ID field.
 func IDIn(ids ...string) predicate.AuthCode {
 	return predicate.AuthCode(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(ids) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		v := make([]interface{}, len(ids))
 		for i := range v {
 			v[i] = ids[i]
@ -50,12 +44,6 @@ func IDIn(ids ...string) predicate.AuthCode {
 // IDNotIn applies the NotIn predicate on the ID field.
 func IDNotIn(ids ...string) predicate.AuthCode {
 	return predicate.AuthCode(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(ids) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		v := make([]interface{}, len(ids))
 		for i := range v {
 			v[i] = ids[i]
@ -204,12 +192,6 @@ func ClientIDIn(vs ...string) predicate.AuthCode {
 		v[i] = vs[i]
 	}
 	return predicate.AuthCode(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldClientID), v...))
 	})
 }
@ -221,12 +203,6 @@ func ClientIDNotIn(vs ...string) predicate.AuthCode {
 		v[i] = vs[i]
 	}
 	return predicate.AuthCode(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldClientID), v...))
 	})
 }
@ -329,12 +305,6 @@ func NonceIn(vs ...string) predicate.AuthCode {
 		v[i] = vs[i]
 	}
 	return predicate.AuthCode(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldNonce), v...))
 	})
 }
@ -346,12 +316,6 @@ func NonceNotIn(vs ...string) predicate.AuthCode {
 		v[i] = vs[i]
 	}
 	return predicate.AuthCode(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldNonce), v...))
 	})
 }
@ -440,12 +404,6 @@ func RedirectURIIn(vs ...string) predicate.AuthCode {
 		v[i] = vs[i]
 	}
 	return predicate.AuthCode(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldRedirectURI), v...))
 	})
 }
@ -457,12 +415,6 @@ func RedirectURINotIn(vs ...string) predicate.AuthCode {
 		v[i] = vs[i]
 	}
 	return predicate.AuthCode(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldRedirectURI), v...))
 	})
 }
@ -551,12 +503,6 @@ func ClaimsUserIDIn(vs ...string) predicate.AuthCode {
 		v[i] = vs[i]
 	}
 	return predicate.AuthCode(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldClaimsUserID), v...))
 	})
 }
@ -568,12 +514,6 @@ func ClaimsUserIDNotIn(vs ...string) predicate.AuthCode {
 		v[i] = vs[i]
 	}
 	return predicate.AuthCode(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldClaimsUserID), v...))
 	})
 }
@ -662,12 +602,6 @@ func ClaimsUsernameIn(vs ...string) predicate.AuthCode {
 		v[i] = vs[i]
 	}
 	return predicate.AuthCode(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldClaimsUsername), v...))
 	})
 }
@ -679,12 +613,6 @@ func ClaimsUsernameNotIn(vs ...string) predicate.AuthCode {
 		v[i] = vs[i]
 	}
 	return predicate.AuthCode(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldClaimsUsername), v...))
 	})
 }
@ -773,12 +701,6 @@ func ClaimsEmailIn(vs ...string) predicate.AuthCode {
 		v[i] = vs[i]
 	}
 	return predicate.AuthCode(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldClaimsEmail), v...))
 	})
 }
@ -790,12 +712,6 @@ func ClaimsEmailNotIn(vs ...string) predicate.AuthCode {
 		v[i] = vs[i]
 	}
 	return predicate.AuthCode(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldClaimsEmail), v...))
 	})
 }
@ -912,12 +828,6 @@ func ClaimsPreferredUsernameIn(vs ...string) predicate.AuthCode {
 		v[i] = vs[i]
 	}
 	return predicate.AuthCode(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldClaimsPreferredUsername), v...))
 	})
 }
@ -929,12 +839,6 @@ func ClaimsPreferredUsernameNotIn(vs ...string) predicate.AuthCode {
 		v[i] = vs[i]
 	}
 	return predicate.AuthCode(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldClaimsPreferredUsername), v...))
 	})
 }
@ -1023,12 +927,6 @@ func ConnectorIDIn(vs ...string) predicate.AuthCode {
 		v[i] = vs[i]
 	}
 	return predicate.AuthCode(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldConnectorID), v...))
 	})
 }
@ -1040,12 +938,6 @@ func ConnectorIDNotIn(vs ...string) predicate.AuthCode {
 		v[i] = vs[i]
 	}
 	return predicate.AuthCode(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldConnectorID), v...))
 	})
 }
@ -1134,12 +1026,6 @@ func ConnectorDataIn(vs ...[]byte) predicate.AuthCode {
 		v[i] = vs[i]
 	}
 	return predicate.AuthCode(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldConnectorData), v...))
 	})
 }
@ -1151,12 +1037,6 @@ func ConnectorDataNotIn(vs ...[]byte) predicate.AuthCode {
 		v[i] = vs[i]
 	}
 	return predicate.AuthCode(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldConnectorData), v...))
 	})
 }
@ -1224,12 +1104,6 @@ func ExpiryIn(vs ...time.Time) predicate.AuthCode {
 		v[i] = vs[i]
 	}
 	return predicate.AuthCode(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldExpiry), v...))
 	})
 }
@ -1241,12 +1115,6 @@ func ExpiryNotIn(vs ...time.Time) predicate.AuthCode {
 		v[i] = vs[i]
 	}
 	return predicate.AuthCode(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldExpiry), v...))
 	})
 }
@ -1300,12 +1168,6 @@ func CodeChallengeIn(vs ...string) predicate.AuthCode {
 		v[i] = vs[i]
 	}
 	return predicate.AuthCode(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldCodeChallenge), v...))
 	})
 }
@ -1317,12 +1179,6 @@ func CodeChallengeNotIn(vs ...string) predicate.AuthCode {
 		v[i] = vs[i]
 	}
 	return predicate.AuthCode(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldCodeChallenge), v...))
 	})
 }
@ -1411,12 +1267,6 @@ func CodeChallengeMethodIn(vs ...string) predicate.AuthCode {
 		v[i] = vs[i]
 	}
 	return predicate.AuthCode(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldCodeChallengeMethod), v...))
 	})
 }
@ -1428,12 +1278,6 @@ func CodeChallengeMethodNotIn(vs ...string) predicate.AuthCode {
 		v[i] = vs[i]
 	}
 	return predicate.AuthCode(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldCodeChallengeMethod), v...))
 	})
 }
--- a/storage/ent/db/authcode_create.go
+++ b/storage/ent/db/authcode_create.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -180,9 +180,15 @@ func (acc *AuthCodeCreate) Save(ctx context.Context) (*AuthCode, error) {
 			}
 			mut = acc.hooks[i](mut)
 		}
-		if _, err := mut.Mutate(ctx, acc.mutation); err != nil {
+		v, err := mut.Mutate(ctx, acc.mutation)
+		if err != nil {
 			return nil, err
 		}
+		nv, ok := v.(*AuthCode)
+		if !ok {
+			return nil, fmt.Errorf("unexpected node type %T returned from AuthCodeMutation", v)
+		}
+		node = nv
 	}
 	return node, err
 }
@ -310,7 +316,7 @@ func (acc *AuthCodeCreate) sqlSave(ctx context.Context) (*AuthCode, error) {
 	_node, _spec := acc.createSpec()
 	if err := sqlgraph.CreateNode(ctx, acc.driver, _spec); err != nil {
 		if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return nil, err
 	}
@ -495,7 +501,7 @@ func (accb *AuthCodeCreateBulk) Save(ctx context.Context) ([]*AuthCode, error) {
 					// Invoke the actual operation on the latest mutation in the chain.
 					if err = sqlgraph.BatchCreate(ctx, accb.driver, spec); err != nil {
 						if sqlgraph.IsConstraintError(err) {
-							err = &ConstraintError{err.Error(), err}
+							err = &ConstraintError{msg: err.Error(), wrap: err}
 						}
 					}
 				}
--- a/storage/ent/db/authcode_delete.go
+++ b/storage/ent/db/authcode_delete.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -84,7 +84,11 @@ func (acd *AuthCodeDelete) sqlExec(ctx context.Context) (int, error) {
 			}
 		}
 	}
-	return sqlgraph.DeleteNodes(ctx, acd.driver, _spec)
+	affected, err := sqlgraph.DeleteNodes(ctx, acd.driver, _spec)
+	if err != nil && sqlgraph.IsConstraintError(err) {
+		err = &ConstraintError{msg: err.Error(), wrap: err}
+	}
+	return affected, err
 }

 // AuthCodeDeleteOne is the builder for deleting a single AuthCode entity.
--- a/storage/ent/db/authcode_query.go
+++ b/storage/ent/db/authcode_query.go
@ -1,10 +1,9 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

 import (
 	"context"
-	"errors"
 	"fmt"
 	"math"

@ -264,15 +263,17 @@ func (acq *AuthCodeQuery) Clone() *AuthCodeQuery {
 //		Scan(ctx, &v)
 //
 func (acq *AuthCodeQuery) GroupBy(field string, fields ...string) *AuthCodeGroupBy {
-	group := &AuthCodeGroupBy{config: acq.config}
-	group.fields = append([]string{field}, fields...)
-	group.path = func(ctx context.Context) (prev *sql.Selector, err error) {
+	grbuild := &AuthCodeGroupBy{config: acq.config}
+	grbuild.fields = append([]string{field}, fields...)
+	grbuild.path = func(ctx context.Context) (prev *sql.Selector, err error) {
 		if err := acq.prepareQuery(ctx); err != nil {
 			return nil, err
 		}
 		return acq.sqlQuery(ctx), nil
 	}
-	return group
+	grbuild.label = authcode.Label
+	grbuild.flds, grbuild.scan = &grbuild.fields, grbuild.Scan
+	return grbuild
 }

 // Select allows the selection one or more fields/columns for the given query,
@ -290,7 +291,10 @@ func (acq *AuthCodeQuery) GroupBy(field string, fields ...string) *AuthCodeGroup
 //
 func (acq *AuthCodeQuery) Select(fields ...string) *AuthCodeSelect {
 	acq.fields = append(acq.fields, fields...)
-	return &AuthCodeSelect{AuthCodeQuery: acq}
+	selbuild := &AuthCodeSelect{AuthCodeQuery: acq}
+	selbuild.label = authcode.Label
+	selbuild.flds, selbuild.scan = &acq.fields, selbuild.Scan
+	return selbuild
 }

 func (acq *AuthCodeQuery) prepareQuery(ctx context.Context) error {
@ -309,23 +313,22 @@ func (acq *AuthCodeQuery) prepareQuery(ctx context.Context) error {
 	return nil
 }

-func (acq *AuthCodeQuery) sqlAll(ctx context.Context) ([]*AuthCode, error) {
+func (acq *AuthCodeQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*AuthCode, error) {
 	var (
 		nodes = []*AuthCode{}
 		_spec = acq.querySpec()
 	)
 	_spec.ScanValues = func(columns []string) ([]interface{}, error) {
-		node := &AuthCode{config: acq.config}
-		nodes = append(nodes, node)
-		return node.scanValues(columns)
+		return (*AuthCode).scanValues(nil, columns)
 	}
 	_spec.Assign = func(columns []string, values []interface{}) error {
-		if len(nodes) == 0 {
-			return fmt.Errorf("db: Assign called without calling ScanValues")
-		}
-		node := nodes[len(nodes)-1]
+		node := &AuthCode{config: acq.config}
+		nodes = append(nodes, node)
 		return node.assignValues(columns, values)
 	}
+	for i := range hooks {
+		hooks[i](ctx, _spec)
+	}
 	if err := sqlgraph.QueryNodes(ctx, acq.driver, _spec); err != nil {
 		return nil, err
 	}
@ -435,6 +438,7 @@ func (acq *AuthCodeQuery) sqlQuery(ctx context.Context) *sql.Selector {
 // AuthCodeGroupBy is the group-by builder for AuthCode entities.
 type AuthCodeGroupBy struct {
 	config
+	selector
 	fields []string
 	fns    []AggregateFunc
 	// intermediate query (i.e. traversal path).
@ -458,209 +462,6 @@ func (acgb *AuthCodeGroupBy) Scan(ctx context.Context, v interface{}) error {
 	return acgb.sqlScan(ctx, v)
 }

-// ScanX is like Scan, but panics if an error occurs.
-func (acgb *AuthCodeGroupBy) ScanX(ctx context.Context, v interface{}) {
-	if err := acgb.Scan(ctx, v); err != nil {
-		panic(err)
-	}
-}
-
-// Strings returns list of strings from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (acgb *AuthCodeGroupBy) Strings(ctx context.Context) ([]string, error) {
-	if len(acgb.fields) > 1 {
-		return nil, errors.New("db: AuthCodeGroupBy.Strings is not achievable when grouping more than 1 field")
-	}
-	var v []string
-	if err := acgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// StringsX is like Strings, but panics if an error occurs.
-func (acgb *AuthCodeGroupBy) StringsX(ctx context.Context) []string {
-	v, err := acgb.Strings(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// String returns a single string from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (acgb *AuthCodeGroupBy) String(ctx context.Context) (_ string, err error) {
-	var v []string
-	if v, err = acgb.Strings(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{authcode.Label}
-	default:
-		err = fmt.Errorf("db: AuthCodeGroupBy.Strings returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// StringX is like String, but panics if an error occurs.
-func (acgb *AuthCodeGroupBy) StringX(ctx context.Context) string {
-	v, err := acgb.String(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Ints returns list of ints from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (acgb *AuthCodeGroupBy) Ints(ctx context.Context) ([]int, error) {
-	if len(acgb.fields) > 1 {
-		return nil, errors.New("db: AuthCodeGroupBy.Ints is not achievable when grouping more than 1 field")
-	}
-	var v []int
-	if err := acgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// IntsX is like Ints, but panics if an error occurs.
-func (acgb *AuthCodeGroupBy) IntsX(ctx context.Context) []int {
-	v, err := acgb.Ints(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Int returns a single int from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (acgb *AuthCodeGroupBy) Int(ctx context.Context) (_ int, err error) {
-	var v []int
-	if v, err = acgb.Ints(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{authcode.Label}
-	default:
-		err = fmt.Errorf("db: AuthCodeGroupBy.Ints returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// IntX is like Int, but panics if an error occurs.
-func (acgb *AuthCodeGroupBy) IntX(ctx context.Context) int {
-	v, err := acgb.Int(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64s returns list of float64s from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (acgb *AuthCodeGroupBy) Float64s(ctx context.Context) ([]float64, error) {
-	if len(acgb.fields) > 1 {
-		return nil, errors.New("db: AuthCodeGroupBy.Float64s is not achievable when grouping more than 1 field")
-	}
-	var v []float64
-	if err := acgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// Float64sX is like Float64s, but panics if an error occurs.
-func (acgb *AuthCodeGroupBy) Float64sX(ctx context.Context) []float64 {
-	v, err := acgb.Float64s(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64 returns a single float64 from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (acgb *AuthCodeGroupBy) Float64(ctx context.Context) (_ float64, err error) {
-	var v []float64
-	if v, err = acgb.Float64s(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{authcode.Label}
-	default:
-		err = fmt.Errorf("db: AuthCodeGroupBy.Float64s returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// Float64X is like Float64, but panics if an error occurs.
-func (acgb *AuthCodeGroupBy) Float64X(ctx context.Context) float64 {
-	v, err := acgb.Float64(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bools returns list of bools from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (acgb *AuthCodeGroupBy) Bools(ctx context.Context) ([]bool, error) {
-	if len(acgb.fields) > 1 {
-		return nil, errors.New("db: AuthCodeGroupBy.Bools is not achievable when grouping more than 1 field")
-	}
-	var v []bool
-	if err := acgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// BoolsX is like Bools, but panics if an error occurs.
-func (acgb *AuthCodeGroupBy) BoolsX(ctx context.Context) []bool {
-	v, err := acgb.Bools(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bool returns a single bool from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (acgb *AuthCodeGroupBy) Bool(ctx context.Context) (_ bool, err error) {
-	var v []bool
-	if v, err = acgb.Bools(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{authcode.Label}
-	default:
-		err = fmt.Errorf("db: AuthCodeGroupBy.Bools returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// BoolX is like Bool, but panics if an error occurs.
-func (acgb *AuthCodeGroupBy) BoolX(ctx context.Context) bool {
-	v, err := acgb.Bool(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
 func (acgb *AuthCodeGroupBy) sqlScan(ctx context.Context, v interface{}) error {
 	for _, f := range acgb.fields {
 		if !authcode.ValidColumn(f) {
@ -702,6 +503,7 @@ func (acgb *AuthCodeGroupBy) sqlQuery() *sql.Selector {
 // AuthCodeSelect is the builder for selecting fields of AuthCode entities.
 type AuthCodeSelect struct {
 	*AuthCodeQuery
+	selector
 	// intermediate query (i.e. traversal path).
 	sql *sql.Selector
 }
@ -715,201 +517,6 @@ func (acs *AuthCodeSelect) Scan(ctx context.Context, v interface{}) error {
 	return acs.sqlScan(ctx, v)
 }

-// ScanX is like Scan, but panics if an error occurs.
-func (acs *AuthCodeSelect) ScanX(ctx context.Context, v interface{}) {
-	if err := acs.Scan(ctx, v); err != nil {
-		panic(err)
-	}
-}
-
-// Strings returns list of strings from a selector. It is only allowed when selecting one field.
-func (acs *AuthCodeSelect) Strings(ctx context.Context) ([]string, error) {
-	if len(acs.fields) > 1 {
-		return nil, errors.New("db: AuthCodeSelect.Strings is not achievable when selecting more than 1 field")
-	}
-	var v []string
-	if err := acs.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// StringsX is like Strings, but panics if an error occurs.
-func (acs *AuthCodeSelect) StringsX(ctx context.Context) []string {
-	v, err := acs.Strings(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// String returns a single string from a selector. It is only allowed when selecting one field.
-func (acs *AuthCodeSelect) String(ctx context.Context) (_ string, err error) {
-	var v []string
-	if v, err = acs.Strings(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{authcode.Label}
-	default:
-		err = fmt.Errorf("db: AuthCodeSelect.Strings returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// StringX is like String, but panics if an error occurs.
-func (acs *AuthCodeSelect) StringX(ctx context.Context) string {
-	v, err := acs.String(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Ints returns list of ints from a selector. It is only allowed when selecting one field.
-func (acs *AuthCodeSelect) Ints(ctx context.Context) ([]int, error) {
-	if len(acs.fields) > 1 {
-		return nil, errors.New("db: AuthCodeSelect.Ints is not achievable when selecting more than 1 field")
-	}
-	var v []int
-	if err := acs.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// IntsX is like Ints, but panics if an error occurs.
-func (acs *AuthCodeSelect) IntsX(ctx context.Context) []int {
-	v, err := acs.Ints(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Int returns a single int from a selector. It is only allowed when selecting one field.
-func (acs *AuthCodeSelect) Int(ctx context.Context) (_ int, err error) {
-	var v []int
-	if v, err = acs.Ints(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{authcode.Label}
-	default:
-		err = fmt.Errorf("db: AuthCodeSelect.Ints returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// IntX is like Int, but panics if an error occurs.
-func (acs *AuthCodeSelect) IntX(ctx context.Context) int {
-	v, err := acs.Int(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64s returns list of float64s from a selector. It is only allowed when selecting one field.
-func (acs *AuthCodeSelect) Float64s(ctx context.Context) ([]float64, error) {
-	if len(acs.fields) > 1 {
-		return nil, errors.New("db: AuthCodeSelect.Float64s is not achievable when selecting more than 1 field")
-	}
-	var v []float64
-	if err := acs.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// Float64sX is like Float64s, but panics if an error occurs.
-func (acs *AuthCodeSelect) Float64sX(ctx context.Context) []float64 {
-	v, err := acs.Float64s(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64 returns a single float64 from a selector. It is only allowed when selecting one field.
-func (acs *AuthCodeSelect) Float64(ctx context.Context) (_ float64, err error) {
-	var v []float64
-	if v, err = acs.Float64s(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{authcode.Label}
-	default:
-		err = fmt.Errorf("db: AuthCodeSelect.Float64s returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// Float64X is like Float64, but panics if an error occurs.
-func (acs *AuthCodeSelect) Float64X(ctx context.Context) float64 {
-	v, err := acs.Float64(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bools returns list of bools from a selector. It is only allowed when selecting one field.
-func (acs *AuthCodeSelect) Bools(ctx context.Context) ([]bool, error) {
-	if len(acs.fields) > 1 {
-		return nil, errors.New("db: AuthCodeSelect.Bools is not achievable when selecting more than 1 field")
-	}
-	var v []bool
-	if err := acs.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// BoolsX is like Bools, but panics if an error occurs.
-func (acs *AuthCodeSelect) BoolsX(ctx context.Context) []bool {
-	v, err := acs.Bools(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bool returns a single bool from a selector. It is only allowed when selecting one field.
-func (acs *AuthCodeSelect) Bool(ctx context.Context) (_ bool, err error) {
-	var v []bool
-	if v, err = acs.Bools(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{authcode.Label}
-	default:
-		err = fmt.Errorf("db: AuthCodeSelect.Bools returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// BoolX is like Bool, but panics if an error occurs.
-func (acs *AuthCodeSelect) BoolX(ctx context.Context) bool {
-	v, err := acs.Bool(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
 func (acs *AuthCodeSelect) sqlScan(ctx context.Context, v interface{}) error {
 	rows := &sql.Rows{}
 	query, args := acs.sql.Query()
--- a/storage/ent/db/authcode_update.go
+++ b/storage/ent/db/authcode_update.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -410,7 +410,7 @@ func (acu *AuthCodeUpdate) sqlSave(ctx context.Context) (n int, err error) {
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{authcode.Label}
 		} else if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return 0, err
 	}
@ -600,9 +600,15 @@ func (acuo *AuthCodeUpdateOne) Save(ctx context.Context) (*AuthCode, error) {
 			}
 			mut = acuo.hooks[i](mut)
 		}
-		if _, err := mut.Mutate(ctx, acuo.mutation); err != nil {
+		v, err := mut.Mutate(ctx, acuo.mutation)
+		if err != nil {
 			return nil, err
 		}
+		nv, ok := v.(*AuthCode)
+		if !ok {
+			return nil, fmt.Errorf("unexpected node type %T returned from AuthCodeMutation", v)
+		}
+		node = nv
 	}
 	return node, err
 }
@ -834,7 +840,7 @@ func (acuo *AuthCodeUpdateOne) sqlSave(ctx context.Context) (_node *AuthCode, er
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{authcode.Label}
 		} else if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return nil, err
 	}
--- a/storage/ent/db/authrequest.go
+++ b/storage/ent/db/authrequest.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -226,11 +226,11 @@ func (ar *AuthRequest) Update() *AuthRequestUpdateOne {
 // Unwrap unwraps the AuthRequest entity that was returned from a transaction after it was closed,
 // so that all future queries will be executed through the driver which created the transaction.
 func (ar *AuthRequest) Unwrap() *AuthRequest {
-	tx, ok := ar.config.driver.(*txDriver)
+	_tx, ok := ar.config.driver.(*txDriver)
 	if !ok {
 		panic("db: AuthRequest is not a transactional entity")
 	}
-	ar.config.driver = tx.drv
+	ar.config.driver = _tx.drv
 	return ar
 }

@ -238,46 +238,64 @@ func (ar *AuthRequest) Unwrap() *AuthRequest {
 func (ar *AuthRequest) String() string {
 	var builder strings.Builder
 	builder.WriteString("AuthRequest(")
-	builder.WriteString(fmt.Sprintf("id=%v", ar.ID))
-	builder.WriteString(", client_id=")
+	builder.WriteString(fmt.Sprintf("id=%v, ", ar.ID))
+	builder.WriteString("client_id=")
 	builder.WriteString(ar.ClientID)
-	builder.WriteString(", scopes=")
+	builder.WriteString(", ")
+	builder.WriteString("scopes=")
 	builder.WriteString(fmt.Sprintf("%v", ar.Scopes))
-	builder.WriteString(", response_types=")
+	builder.WriteString(", ")
+	builder.WriteString("response_types=")
 	builder.WriteString(fmt.Sprintf("%v", ar.ResponseTypes))
-	builder.WriteString(", redirect_uri=")
+	builder.WriteString(", ")
+	builder.WriteString("redirect_uri=")
 	builder.WriteString(ar.RedirectURI)
-	builder.WriteString(", nonce=")
+	builder.WriteString(", ")
+	builder.WriteString("nonce=")
 	builder.WriteString(ar.Nonce)
-	builder.WriteString(", state=")
+	builder.WriteString(", ")
+	builder.WriteString("state=")
 	builder.WriteString(ar.State)
-	builder.WriteString(", force_approval_prompt=")
+	builder.WriteString(", ")
+	builder.WriteString("force_approval_prompt=")
 	builder.WriteString(fmt.Sprintf("%v", ar.ForceApprovalPrompt))
-	builder.WriteString(", logged_in=")
+	builder.WriteString(", ")
+	builder.WriteString("logged_in=")
 	builder.WriteString(fmt.Sprintf("%v", ar.LoggedIn))
-	builder.WriteString(", claims_user_id=")
+	builder.WriteString(", ")
+	builder.WriteString("claims_user_id=")
 	builder.WriteString(ar.ClaimsUserID)
-	builder.WriteString(", claims_username=")
+	builder.WriteString(", ")
+	builder.WriteString("claims_username=")
 	builder.WriteString(ar.ClaimsUsername)
-	builder.WriteString(", claims_email=")
+	builder.WriteString(", ")
+	builder.WriteString("claims_email=")
 	builder.WriteString(ar.ClaimsEmail)
-	builder.WriteString(", claims_email_verified=")
+	builder.WriteString(", ")
+	builder.WriteString("claims_email_verified=")
 	builder.WriteString(fmt.Sprintf("%v", ar.ClaimsEmailVerified))
-	builder.WriteString(", claims_groups=")
+	builder.WriteString(", ")
+	builder.WriteString("claims_groups=")
 	builder.WriteString(fmt.Sprintf("%v", ar.ClaimsGroups))
-	builder.WriteString(", claims_preferred_username=")
+	builder.WriteString(", ")
+	builder.WriteString("claims_preferred_username=")
 	builder.WriteString(ar.ClaimsPreferredUsername)
-	builder.WriteString(", connector_id=")
+	builder.WriteString(", ")
+	builder.WriteString("connector_id=")
 	builder.WriteString(ar.ConnectorID)
+	builder.WriteString(", ")
 	if v := ar.ConnectorData; v != nil {
-		builder.WriteString(", connector_data=")
+		builder.WriteString("connector_data=")
 		builder.WriteString(fmt.Sprintf("%v", *v))
 	}
-	builder.WriteString(", expiry=")
+	builder.WriteString(", ")
+	builder.WriteString("expiry=")
 	builder.WriteString(ar.Expiry.Format(time.ANSIC))
-	builder.WriteString(", code_challenge=")
+	builder.WriteString(", ")
+	builder.WriteString("code_challenge=")
 	builder.WriteString(ar.CodeChallenge)
-	builder.WriteString(", code_challenge_method=")
+	builder.WriteString(", ")
+	builder.WriteString("code_challenge_method=")
 	builder.WriteString(ar.CodeChallengeMethod)
 	builder.WriteByte(')')
 	return builder.String()
--- a/storage/ent/db/authrequest/authrequest.go
+++ b/storage/ent/db/authrequest/authrequest.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package authrequest

--- a/storage/ent/db/authrequest/where.go
+++ b/storage/ent/db/authrequest/where.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package authrequest

@ -33,12 +33,6 @@ func IDNEQ(id string) predicate.AuthRequest {
 // IDIn applies the In predicate on the ID field.
 func IDIn(ids ...string) predicate.AuthRequest {
 	return predicate.AuthRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(ids) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		v := make([]interface{}, len(ids))
 		for i := range v {
 			v[i] = ids[i]
@ -50,12 +44,6 @@ func IDIn(ids ...string) predicate.AuthRequest {
 // IDNotIn applies the NotIn predicate on the ID field.
 func IDNotIn(ids ...string) predicate.AuthRequest {
 	return predicate.AuthRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(ids) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		v := make([]interface{}, len(ids))
 		for i := range v {
 			v[i] = ids[i]
@ -225,12 +213,6 @@ func ClientIDIn(vs ...string) predicate.AuthRequest {
 		v[i] = vs[i]
 	}
 	return predicate.AuthRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldClientID), v...))
 	})
 }
@ -242,12 +224,6 @@ func ClientIDNotIn(vs ...string) predicate.AuthRequest {
 		v[i] = vs[i]
 	}
 	return predicate.AuthRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldClientID), v...))
 	})
 }
@ -364,12 +340,6 @@ func RedirectURIIn(vs ...string) predicate.AuthRequest {
 		v[i] = vs[i]
 	}
 	return predicate.AuthRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldRedirectURI), v...))
 	})
 }
@ -381,12 +351,6 @@ func RedirectURINotIn(vs ...string) predicate.AuthRequest {
 		v[i] = vs[i]
 	}
 	return predicate.AuthRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldRedirectURI), v...))
 	})
 }
@ -475,12 +439,6 @@ func NonceIn(vs ...string) predicate.AuthRequest {
 		v[i] = vs[i]
 	}
 	return predicate.AuthRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldNonce), v...))
 	})
 }
@ -492,12 +450,6 @@ func NonceNotIn(vs ...string) predicate.AuthRequest {
 		v[i] = vs[i]
 	}
 	return predicate.AuthRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldNonce), v...))
 	})
 }
@ -586,12 +538,6 @@ func StateIn(vs ...string) predicate.AuthRequest {
 		v[i] = vs[i]
 	}
 	return predicate.AuthRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldState), v...))
 	})
 }
@ -603,12 +549,6 @@ func StateNotIn(vs ...string) predicate.AuthRequest {
 		v[i] = vs[i]
 	}
 	return predicate.AuthRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldState), v...))
 	})
 }
@ -725,12 +665,6 @@ func ClaimsUserIDIn(vs ...string) predicate.AuthRequest {
 		v[i] = vs[i]
 	}
 	return predicate.AuthRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldClaimsUserID), v...))
 	})
 }
@ -742,12 +676,6 @@ func ClaimsUserIDNotIn(vs ...string) predicate.AuthRequest {
 		v[i] = vs[i]
 	}
 	return predicate.AuthRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldClaimsUserID), v...))
 	})
 }
@ -836,12 +764,6 @@ func ClaimsUsernameIn(vs ...string) predicate.AuthRequest {
 		v[i] = vs[i]
 	}
 	return predicate.AuthRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldClaimsUsername), v...))
 	})
 }
@ -853,12 +775,6 @@ func ClaimsUsernameNotIn(vs ...string) predicate.AuthRequest {
 		v[i] = vs[i]
 	}
 	return predicate.AuthRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldClaimsUsername), v...))
 	})
 }
@ -947,12 +863,6 @@ func ClaimsEmailIn(vs ...string) predicate.AuthRequest {
 		v[i] = vs[i]
 	}
 	return predicate.AuthRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldClaimsEmail), v...))
 	})
 }
@ -964,12 +874,6 @@ func ClaimsEmailNotIn(vs ...string) predicate.AuthRequest {
 		v[i] = vs[i]
 	}
 	return predicate.AuthRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldClaimsEmail), v...))
 	})
 }
@ -1086,12 +990,6 @@ func ClaimsPreferredUsernameIn(vs ...string) predicate.AuthRequest {
 		v[i] = vs[i]
 	}
 	return predicate.AuthRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldClaimsPreferredUsername), v...))
 	})
 }
@ -1103,12 +1001,6 @@ func ClaimsPreferredUsernameNotIn(vs ...string) predicate.AuthRequest {
 		v[i] = vs[i]
 	}
 	return predicate.AuthRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldClaimsPreferredUsername), v...))
 	})
 }
@ -1197,12 +1089,6 @@ func ConnectorIDIn(vs ...string) predicate.AuthRequest {
 		v[i] = vs[i]
 	}
 	return predicate.AuthRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldConnectorID), v...))
 	})
 }
@ -1214,12 +1100,6 @@ func ConnectorIDNotIn(vs ...string) predicate.AuthRequest {
 		v[i] = vs[i]
 	}
 	return predicate.AuthRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldConnectorID), v...))
 	})
 }
@ -1308,12 +1188,6 @@ func ConnectorDataIn(vs ...[]byte) predicate.AuthRequest {
 		v[i] = vs[i]
 	}
 	return predicate.AuthRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldConnectorData), v...))
 	})
 }
@ -1325,12 +1199,6 @@ func ConnectorDataNotIn(vs ...[]byte) predicate.AuthRequest {
 		v[i] = vs[i]
 	}
 	return predicate.AuthRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldConnectorData), v...))
 	})
 }
@ -1398,12 +1266,6 @@ func ExpiryIn(vs ...time.Time) predicate.AuthRequest {
 		v[i] = vs[i]
 	}
 	return predicate.AuthRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldExpiry), v...))
 	})
 }
@ -1415,12 +1277,6 @@ func ExpiryNotIn(vs ...time.Time) predicate.AuthRequest {
 		v[i] = vs[i]
 	}
 	return predicate.AuthRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldExpiry), v...))
 	})
 }
@ -1474,12 +1330,6 @@ func CodeChallengeIn(vs ...string) predicate.AuthRequest {
 		v[i] = vs[i]
 	}
 	return predicate.AuthRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldCodeChallenge), v...))
 	})
 }
@ -1491,12 +1341,6 @@ func CodeChallengeNotIn(vs ...string) predicate.AuthRequest {
 		v[i] = vs[i]
 	}
 	return predicate.AuthRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldCodeChallenge), v...))
 	})
 }
@ -1585,12 +1429,6 @@ func CodeChallengeMethodIn(vs ...string) predicate.AuthRequest {
 		v[i] = vs[i]
 	}
 	return predicate.AuthRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldCodeChallengeMethod), v...))
 	})
 }
@ -1602,12 +1440,6 @@ func CodeChallengeMethodNotIn(vs ...string) predicate.AuthRequest {
 		v[i] = vs[i]
 	}
 	return predicate.AuthRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldCodeChallengeMethod), v...))
 	})
 }
--- a/storage/ent/db/authrequest_create.go
+++ b/storage/ent/db/authrequest_create.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -204,9 +204,15 @@ func (arc *AuthRequestCreate) Save(ctx context.Context) (*AuthRequest, error) {
 			}
 			mut = arc.hooks[i](mut)
 		}
-		if _, err := mut.Mutate(ctx, arc.mutation); err != nil {
+		v, err := mut.Mutate(ctx, arc.mutation)
+		if err != nil {
 			return nil, err
 		}
+		nv, ok := v.(*AuthRequest)
+		if !ok {
+			return nil, fmt.Errorf("unexpected node type %T returned from AuthRequestMutation", v)
+		}
+		node = nv
 	}
 	return node, err
 }
@ -308,7 +314,7 @@ func (arc *AuthRequestCreate) sqlSave(ctx context.Context) (*AuthRequest, error)
 	_node, _spec := arc.createSpec()
 	if err := sqlgraph.CreateNode(ctx, arc.driver, _spec); err != nil {
 		if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return nil, err
 	}
@ -525,7 +531,7 @@ func (arcb *AuthRequestCreateBulk) Save(ctx context.Context) ([]*AuthRequest, er
 					// Invoke the actual operation on the latest mutation in the chain.
 					if err = sqlgraph.BatchCreate(ctx, arcb.driver, spec); err != nil {
 						if sqlgraph.IsConstraintError(err) {
-							err = &ConstraintError{err.Error(), err}
+							err = &ConstraintError{msg: err.Error(), wrap: err}
 						}
 					}
 				}
--- a/storage/ent/db/authrequest_delete.go
+++ b/storage/ent/db/authrequest_delete.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -84,7 +84,11 @@ func (ard *AuthRequestDelete) sqlExec(ctx context.Context) (int, error) {
 			}
 		}
 	}
-	return sqlgraph.DeleteNodes(ctx, ard.driver, _spec)
+	affected, err := sqlgraph.DeleteNodes(ctx, ard.driver, _spec)
+	if err != nil && sqlgraph.IsConstraintError(err) {
+		err = &ConstraintError{msg: err.Error(), wrap: err}
+	}
+	return affected, err
 }

 // AuthRequestDeleteOne is the builder for deleting a single AuthRequest entity.
--- a/storage/ent/db/authrequest_query.go
+++ b/storage/ent/db/authrequest_query.go
@ -1,10 +1,9 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

 import (
 	"context"
-	"errors"
 	"fmt"
 	"math"

@ -264,15 +263,17 @@ func (arq *AuthRequestQuery) Clone() *AuthRequestQuery {
 //		Scan(ctx, &v)
 //
 func (arq *AuthRequestQuery) GroupBy(field string, fields ...string) *AuthRequestGroupBy {
-	group := &AuthRequestGroupBy{config: arq.config}
-	group.fields = append([]string{field}, fields...)
-	group.path = func(ctx context.Context) (prev *sql.Selector, err error) {
+	grbuild := &AuthRequestGroupBy{config: arq.config}
+	grbuild.fields = append([]string{field}, fields...)
+	grbuild.path = func(ctx context.Context) (prev *sql.Selector, err error) {
 		if err := arq.prepareQuery(ctx); err != nil {
 			return nil, err
 		}
 		return arq.sqlQuery(ctx), nil
 	}
-	return group
+	grbuild.label = authrequest.Label
+	grbuild.flds, grbuild.scan = &grbuild.fields, grbuild.Scan
+	return grbuild
 }

 // Select allows the selection one or more fields/columns for the given query,
@ -290,7 +291,10 @@ func (arq *AuthRequestQuery) GroupBy(field string, fields ...string) *AuthReques
 //
 func (arq *AuthRequestQuery) Select(fields ...string) *AuthRequestSelect {
 	arq.fields = append(arq.fields, fields...)
-	return &AuthRequestSelect{AuthRequestQuery: arq}
+	selbuild := &AuthRequestSelect{AuthRequestQuery: arq}
+	selbuild.label = authrequest.Label
+	selbuild.flds, selbuild.scan = &arq.fields, selbuild.Scan
+	return selbuild
 }

 func (arq *AuthRequestQuery) prepareQuery(ctx context.Context) error {
@ -309,23 +313,22 @@ func (arq *AuthRequestQuery) prepareQuery(ctx context.Context) error {
 	return nil
 }

-func (arq *AuthRequestQuery) sqlAll(ctx context.Context) ([]*AuthRequest, error) {
+func (arq *AuthRequestQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*AuthRequest, error) {
 	var (
 		nodes = []*AuthRequest{}
 		_spec = arq.querySpec()
 	)
 	_spec.ScanValues = func(columns []string) ([]interface{}, error) {
-		node := &AuthRequest{config: arq.config}
-		nodes = append(nodes, node)
-		return node.scanValues(columns)
+		return (*AuthRequest).scanValues(nil, columns)
 	}
 	_spec.Assign = func(columns []string, values []interface{}) error {
-		if len(nodes) == 0 {
-			return fmt.Errorf("db: Assign called without calling ScanValues")
-		}
-		node := nodes[len(nodes)-1]
+		node := &AuthRequest{config: arq.config}
+		nodes = append(nodes, node)
 		return node.assignValues(columns, values)
 	}
+	for i := range hooks {
+		hooks[i](ctx, _spec)
+	}
 	if err := sqlgraph.QueryNodes(ctx, arq.driver, _spec); err != nil {
 		return nil, err
 	}
@ -435,6 +438,7 @@ func (arq *AuthRequestQuery) sqlQuery(ctx context.Context) *sql.Selector {
 // AuthRequestGroupBy is the group-by builder for AuthRequest entities.
 type AuthRequestGroupBy struct {
 	config
+	selector
 	fields []string
 	fns    []AggregateFunc
 	// intermediate query (i.e. traversal path).
@ -458,209 +462,6 @@ func (argb *AuthRequestGroupBy) Scan(ctx context.Context, v interface{}) error {
 	return argb.sqlScan(ctx, v)
 }

-// ScanX is like Scan, but panics if an error occurs.
-func (argb *AuthRequestGroupBy) ScanX(ctx context.Context, v interface{}) {
-	if err := argb.Scan(ctx, v); err != nil {
-		panic(err)
-	}
-}
-
-// Strings returns list of strings from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (argb *AuthRequestGroupBy) Strings(ctx context.Context) ([]string, error) {
-	if len(argb.fields) > 1 {
-		return nil, errors.New("db: AuthRequestGroupBy.Strings is not achievable when grouping more than 1 field")
-	}
-	var v []string
-	if err := argb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// StringsX is like Strings, but panics if an error occurs.
-func (argb *AuthRequestGroupBy) StringsX(ctx context.Context) []string {
-	v, err := argb.Strings(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// String returns a single string from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (argb *AuthRequestGroupBy) String(ctx context.Context) (_ string, err error) {
-	var v []string
-	if v, err = argb.Strings(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{authrequest.Label}
-	default:
-		err = fmt.Errorf("db: AuthRequestGroupBy.Strings returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// StringX is like String, but panics if an error occurs.
-func (argb *AuthRequestGroupBy) StringX(ctx context.Context) string {
-	v, err := argb.String(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Ints returns list of ints from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (argb *AuthRequestGroupBy) Ints(ctx context.Context) ([]int, error) {
-	if len(argb.fields) > 1 {
-		return nil, errors.New("db: AuthRequestGroupBy.Ints is not achievable when grouping more than 1 field")
-	}
-	var v []int
-	if err := argb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// IntsX is like Ints, but panics if an error occurs.
-func (argb *AuthRequestGroupBy) IntsX(ctx context.Context) []int {
-	v, err := argb.Ints(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Int returns a single int from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (argb *AuthRequestGroupBy) Int(ctx context.Context) (_ int, err error) {
-	var v []int
-	if v, err = argb.Ints(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{authrequest.Label}
-	default:
-		err = fmt.Errorf("db: AuthRequestGroupBy.Ints returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// IntX is like Int, but panics if an error occurs.
-func (argb *AuthRequestGroupBy) IntX(ctx context.Context) int {
-	v, err := argb.Int(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64s returns list of float64s from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (argb *AuthRequestGroupBy) Float64s(ctx context.Context) ([]float64, error) {
-	if len(argb.fields) > 1 {
-		return nil, errors.New("db: AuthRequestGroupBy.Float64s is not achievable when grouping more than 1 field")
-	}
-	var v []float64
-	if err := argb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// Float64sX is like Float64s, but panics if an error occurs.
-func (argb *AuthRequestGroupBy) Float64sX(ctx context.Context) []float64 {
-	v, err := argb.Float64s(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64 returns a single float64 from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (argb *AuthRequestGroupBy) Float64(ctx context.Context) (_ float64, err error) {
-	var v []float64
-	if v, err = argb.Float64s(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{authrequest.Label}
-	default:
-		err = fmt.Errorf("db: AuthRequestGroupBy.Float64s returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// Float64X is like Float64, but panics if an error occurs.
-func (argb *AuthRequestGroupBy) Float64X(ctx context.Context) float64 {
-	v, err := argb.Float64(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bools returns list of bools from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (argb *AuthRequestGroupBy) Bools(ctx context.Context) ([]bool, error) {
-	if len(argb.fields) > 1 {
-		return nil, errors.New("db: AuthRequestGroupBy.Bools is not achievable when grouping more than 1 field")
-	}
-	var v []bool
-	if err := argb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// BoolsX is like Bools, but panics if an error occurs.
-func (argb *AuthRequestGroupBy) BoolsX(ctx context.Context) []bool {
-	v, err := argb.Bools(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bool returns a single bool from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (argb *AuthRequestGroupBy) Bool(ctx context.Context) (_ bool, err error) {
-	var v []bool
-	if v, err = argb.Bools(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{authrequest.Label}
-	default:
-		err = fmt.Errorf("db: AuthRequestGroupBy.Bools returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// BoolX is like Bool, but panics if an error occurs.
-func (argb *AuthRequestGroupBy) BoolX(ctx context.Context) bool {
-	v, err := argb.Bool(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
 func (argb *AuthRequestGroupBy) sqlScan(ctx context.Context, v interface{}) error {
 	for _, f := range argb.fields {
 		if !authrequest.ValidColumn(f) {
@ -702,6 +503,7 @@ func (argb *AuthRequestGroupBy) sqlQuery() *sql.Selector {
 // AuthRequestSelect is the builder for selecting fields of AuthRequest entities.
 type AuthRequestSelect struct {
 	*AuthRequestQuery
+	selector
 	// intermediate query (i.e. traversal path).
 	sql *sql.Selector
 }
@ -715,201 +517,6 @@ func (ars *AuthRequestSelect) Scan(ctx context.Context, v interface{}) error {
 	return ars.sqlScan(ctx, v)
 }

-// ScanX is like Scan, but panics if an error occurs.
-func (ars *AuthRequestSelect) ScanX(ctx context.Context, v interface{}) {
-	if err := ars.Scan(ctx, v); err != nil {
-		panic(err)
-	}
-}
-
-// Strings returns list of strings from a selector. It is only allowed when selecting one field.
-func (ars *AuthRequestSelect) Strings(ctx context.Context) ([]string, error) {
-	if len(ars.fields) > 1 {
-		return nil, errors.New("db: AuthRequestSelect.Strings is not achievable when selecting more than 1 field")
-	}
-	var v []string
-	if err := ars.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// StringsX is like Strings, but panics if an error occurs.
-func (ars *AuthRequestSelect) StringsX(ctx context.Context) []string {
-	v, err := ars.Strings(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// String returns a single string from a selector. It is only allowed when selecting one field.
-func (ars *AuthRequestSelect) String(ctx context.Context) (_ string, err error) {
-	var v []string
-	if v, err = ars.Strings(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{authrequest.Label}
-	default:
-		err = fmt.Errorf("db: AuthRequestSelect.Strings returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// StringX is like String, but panics if an error occurs.
-func (ars *AuthRequestSelect) StringX(ctx context.Context) string {
-	v, err := ars.String(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Ints returns list of ints from a selector. It is only allowed when selecting one field.
-func (ars *AuthRequestSelect) Ints(ctx context.Context) ([]int, error) {
-	if len(ars.fields) > 1 {
-		return nil, errors.New("db: AuthRequestSelect.Ints is not achievable when selecting more than 1 field")
-	}
-	var v []int
-	if err := ars.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// IntsX is like Ints, but panics if an error occurs.
-func (ars *AuthRequestSelect) IntsX(ctx context.Context) []int {
-	v, err := ars.Ints(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Int returns a single int from a selector. It is only allowed when selecting one field.
-func (ars *AuthRequestSelect) Int(ctx context.Context) (_ int, err error) {
-	var v []int
-	if v, err = ars.Ints(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{authrequest.Label}
-	default:
-		err = fmt.Errorf("db: AuthRequestSelect.Ints returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// IntX is like Int, but panics if an error occurs.
-func (ars *AuthRequestSelect) IntX(ctx context.Context) int {
-	v, err := ars.Int(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64s returns list of float64s from a selector. It is only allowed when selecting one field.
-func (ars *AuthRequestSelect) Float64s(ctx context.Context) ([]float64, error) {
-	if len(ars.fields) > 1 {
-		return nil, errors.New("db: AuthRequestSelect.Float64s is not achievable when selecting more than 1 field")
-	}
-	var v []float64
-	if err := ars.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// Float64sX is like Float64s, but panics if an error occurs.
-func (ars *AuthRequestSelect) Float64sX(ctx context.Context) []float64 {
-	v, err := ars.Float64s(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64 returns a single float64 from a selector. It is only allowed when selecting one field.
-func (ars *AuthRequestSelect) Float64(ctx context.Context) (_ float64, err error) {
-	var v []float64
-	if v, err = ars.Float64s(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{authrequest.Label}
-	default:
-		err = fmt.Errorf("db: AuthRequestSelect.Float64s returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// Float64X is like Float64, but panics if an error occurs.
-func (ars *AuthRequestSelect) Float64X(ctx context.Context) float64 {
-	v, err := ars.Float64(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bools returns list of bools from a selector. It is only allowed when selecting one field.
-func (ars *AuthRequestSelect) Bools(ctx context.Context) ([]bool, error) {
-	if len(ars.fields) > 1 {
-		return nil, errors.New("db: AuthRequestSelect.Bools is not achievable when selecting more than 1 field")
-	}
-	var v []bool
-	if err := ars.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// BoolsX is like Bools, but panics if an error occurs.
-func (ars *AuthRequestSelect) BoolsX(ctx context.Context) []bool {
-	v, err := ars.Bools(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bool returns a single bool from a selector. It is only allowed when selecting one field.
-func (ars *AuthRequestSelect) Bool(ctx context.Context) (_ bool, err error) {
-	var v []bool
-	if v, err = ars.Bools(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{authrequest.Label}
-	default:
-		err = fmt.Errorf("db: AuthRequestSelect.Bools returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// BoolX is like Bool, but panics if an error occurs.
-func (ars *AuthRequestSelect) BoolX(ctx context.Context) bool {
-	v, err := ars.Bool(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
 func (ars *AuthRequestSelect) sqlScan(ctx context.Context, v interface{}) error {
 	rows := &sql.Rows{}
 	query, args := ars.sql.Query()
--- a/storage/ent/db/authrequest_update.go
+++ b/storage/ent/db/authrequest_update.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -428,7 +428,7 @@ func (aru *AuthRequestUpdate) sqlSave(ctx context.Context) (n int, err error) {
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{authrequest.Label}
 		} else if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return 0, err
 	}
@ -642,9 +642,15 @@ func (aruo *AuthRequestUpdateOne) Save(ctx context.Context) (*AuthRequest, error
 			}
 			mut = aruo.hooks[i](mut)
 		}
-		if _, err := mut.Mutate(ctx, aruo.mutation); err != nil {
+		v, err := mut.Mutate(ctx, aruo.mutation)
+		if err != nil {
 			return nil, err
 		}
+		nv, ok := v.(*AuthRequest)
+		if !ok {
+			return nil, fmt.Errorf("unexpected node type %T returned from AuthRequestMutation", v)
+		}
+		node = nv
 	}
 	return node, err
 }
@ -870,7 +876,7 @@ func (aruo *AuthRequestUpdateOne) sqlSave(ctx context.Context) (_node *AuthReque
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{authrequest.Label}
 		} else if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return nil, err
 	}
--- a/storage/ent/db/client.go
+++ b/storage/ent/db/client.go
@ -1,9 +1,10 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

 import (
 	"context"
+	"errors"
 	"fmt"
 	"log"

@ -94,7 +95,7 @@ func Open(driverName, dataSourceName string, options ...Option) (*Client, error)
 // is used until the transaction is committed or rolled back.
 func (c *Client) Tx(ctx context.Context) (*Tx, error) {
 	if _, ok := c.driver.(*txDriver); ok {
-		return nil, fmt.Errorf("db: cannot start a transaction within a transaction")
+		return nil, errors.New("db: cannot start a transaction within a transaction")
 	}
 	tx, err := newTx(ctx, c.driver)
 	if err != nil {
@ -121,7 +122,7 @@ func (c *Client) Tx(ctx context.Context) (*Tx, error) {
 // BeginTx returns a transactional client with specified options.
 func (c *Client) BeginTx(ctx context.Context, opts *sql.TxOptions) (*Tx, error) {
 	if _, ok := c.driver.(*txDriver); ok {
-		return nil, fmt.Errorf("ent: cannot start a transaction within a transaction")
+		return nil, errors.New("ent: cannot start a transaction within a transaction")
 	}
 	tx, err := c.driver.(interface {
 		BeginTx(context.Context, *sql.TxOptions) (dialect.Tx, error)
@ -201,7 +202,7 @@ func (c *AuthCodeClient) Use(hooks ...Hook) {
 	c.hooks.AuthCode = append(c.hooks.AuthCode, hooks...)
 }

-// Create returns a create builder for AuthCode.
+// Create returns a builder for creating a AuthCode entity.
 func (c *AuthCodeClient) Create() *AuthCodeCreate {
 	mutation := newAuthCodeMutation(c.config, OpCreate)
 	return &AuthCodeCreate{config: c.config, hooks: c.Hooks(), mutation: mutation}
@ -236,12 +237,12 @@ func (c *AuthCodeClient) Delete() *AuthCodeDelete {
 	return &AuthCodeDelete{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }

-// DeleteOne returns a delete builder for the given entity.
+// DeleteOne returns a builder for deleting the given entity.
 func (c *AuthCodeClient) DeleteOne(ac *AuthCode) *AuthCodeDeleteOne {
 	return c.DeleteOneID(ac.ID)
 }

-// DeleteOneID returns a delete builder for the given id.
+// DeleteOne returns a builder for deleting the given entity by its id.
 func (c *AuthCodeClient) DeleteOneID(id string) *AuthCodeDeleteOne {
 	builder := c.Delete().Where(authcode.ID(id))
 	builder.mutation.id = &id
@ -291,7 +292,7 @@ func (c *AuthRequestClient) Use(hooks ...Hook) {
 	c.hooks.AuthRequest = append(c.hooks.AuthRequest, hooks...)
 }

-// Create returns a create builder for AuthRequest.
+// Create returns a builder for creating a AuthRequest entity.
 func (c *AuthRequestClient) Create() *AuthRequestCreate {
 	mutation := newAuthRequestMutation(c.config, OpCreate)
 	return &AuthRequestCreate{config: c.config, hooks: c.Hooks(), mutation: mutation}
@ -326,12 +327,12 @@ func (c *AuthRequestClient) Delete() *AuthRequestDelete {
 	return &AuthRequestDelete{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }

-// DeleteOne returns a delete builder for the given entity.
+// DeleteOne returns a builder for deleting the given entity.
 func (c *AuthRequestClient) DeleteOne(ar *AuthRequest) *AuthRequestDeleteOne {
 	return c.DeleteOneID(ar.ID)
 }

-// DeleteOneID returns a delete builder for the given id.
+// DeleteOne returns a builder for deleting the given entity by its id.
 func (c *AuthRequestClient) DeleteOneID(id string) *AuthRequestDeleteOne {
 	builder := c.Delete().Where(authrequest.ID(id))
 	builder.mutation.id = &id
@ -381,7 +382,7 @@ func (c *ConnectorClient) Use(hooks ...Hook) {
 	c.hooks.Connector = append(c.hooks.Connector, hooks...)
 }

-// Create returns a create builder for Connector.
+// Create returns a builder for creating a Connector entity.
 func (c *ConnectorClient) Create() *ConnectorCreate {
 	mutation := newConnectorMutation(c.config, OpCreate)
 	return &ConnectorCreate{config: c.config, hooks: c.Hooks(), mutation: mutation}
@ -416,12 +417,12 @@ func (c *ConnectorClient) Delete() *ConnectorDelete {
 	return &ConnectorDelete{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }

-// DeleteOne returns a delete builder for the given entity.
+// DeleteOne returns a builder for deleting the given entity.
 func (c *ConnectorClient) DeleteOne(co *Connector) *ConnectorDeleteOne {
 	return c.DeleteOneID(co.ID)
 }

-// DeleteOneID returns a delete builder for the given id.
+// DeleteOne returns a builder for deleting the given entity by its id.
 func (c *ConnectorClient) DeleteOneID(id string) *ConnectorDeleteOne {
 	builder := c.Delete().Where(connector.ID(id))
 	builder.mutation.id = &id
@ -471,7 +472,7 @@ func (c *DeviceRequestClient) Use(hooks ...Hook) {
 	c.hooks.DeviceRequest = append(c.hooks.DeviceRequest, hooks...)
 }

-// Create returns a create builder for DeviceRequest.
+// Create returns a builder for creating a DeviceRequest entity.
 func (c *DeviceRequestClient) Create() *DeviceRequestCreate {
 	mutation := newDeviceRequestMutation(c.config, OpCreate)
 	return &DeviceRequestCreate{config: c.config, hooks: c.Hooks(), mutation: mutation}
@ -506,12 +507,12 @@ func (c *DeviceRequestClient) Delete() *DeviceRequestDelete {
 	return &DeviceRequestDelete{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }

-// DeleteOne returns a delete builder for the given entity.
+// DeleteOne returns a builder for deleting the given entity.
 func (c *DeviceRequestClient) DeleteOne(dr *DeviceRequest) *DeviceRequestDeleteOne {
 	return c.DeleteOneID(dr.ID)
 }

-// DeleteOneID returns a delete builder for the given id.
+// DeleteOne returns a builder for deleting the given entity by its id.
 func (c *DeviceRequestClient) DeleteOneID(id int) *DeviceRequestDeleteOne {
 	builder := c.Delete().Where(devicerequest.ID(id))
 	builder.mutation.id = &id
@ -561,7 +562,7 @@ func (c *DeviceTokenClient) Use(hooks ...Hook) {
 	c.hooks.DeviceToken = append(c.hooks.DeviceToken, hooks...)
 }

-// Create returns a create builder for DeviceToken.
+// Create returns a builder for creating a DeviceToken entity.
 func (c *DeviceTokenClient) Create() *DeviceTokenCreate {
 	mutation := newDeviceTokenMutation(c.config, OpCreate)
 	return &DeviceTokenCreate{config: c.config, hooks: c.Hooks(), mutation: mutation}
@ -596,12 +597,12 @@ func (c *DeviceTokenClient) Delete() *DeviceTokenDelete {
 	return &DeviceTokenDelete{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }

-// DeleteOne returns a delete builder for the given entity.
+// DeleteOne returns a builder for deleting the given entity.
 func (c *DeviceTokenClient) DeleteOne(dt *DeviceToken) *DeviceTokenDeleteOne {
 	return c.DeleteOneID(dt.ID)
 }

-// DeleteOneID returns a delete builder for the given id.
+// DeleteOne returns a builder for deleting the given entity by its id.
 func (c *DeviceTokenClient) DeleteOneID(id int) *DeviceTokenDeleteOne {
 	builder := c.Delete().Where(devicetoken.ID(id))
 	builder.mutation.id = &id
@ -651,7 +652,7 @@ func (c *KeysClient) Use(hooks ...Hook) {
 	c.hooks.Keys = append(c.hooks.Keys, hooks...)
 }

-// Create returns a create builder for Keys.
+// Create returns a builder for creating a Keys entity.
 func (c *KeysClient) Create() *KeysCreate {
 	mutation := newKeysMutation(c.config, OpCreate)
 	return &KeysCreate{config: c.config, hooks: c.Hooks(), mutation: mutation}
@ -686,12 +687,12 @@ func (c *KeysClient) Delete() *KeysDelete {
 	return &KeysDelete{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }

-// DeleteOne returns a delete builder for the given entity.
+// DeleteOne returns a builder for deleting the given entity.
 func (c *KeysClient) DeleteOne(k *Keys) *KeysDeleteOne {
 	return c.DeleteOneID(k.ID)
 }

-// DeleteOneID returns a delete builder for the given id.
+// DeleteOne returns a builder for deleting the given entity by its id.
 func (c *KeysClient) DeleteOneID(id string) *KeysDeleteOne {
 	builder := c.Delete().Where(keys.ID(id))
 	builder.mutation.id = &id
@ -741,7 +742,7 @@ func (c *OAuth2ClientClient) Use(hooks ...Hook) {
 	c.hooks.OAuth2Client = append(c.hooks.OAuth2Client, hooks...)
 }

-// Create returns a create builder for OAuth2Client.
+// Create returns a builder for creating a OAuth2Client entity.
 func (c *OAuth2ClientClient) Create() *OAuth2ClientCreate {
 	mutation := newOAuth2ClientMutation(c.config, OpCreate)
 	return &OAuth2ClientCreate{config: c.config, hooks: c.Hooks(), mutation: mutation}
@ -776,12 +777,12 @@ func (c *OAuth2ClientClient) Delete() *OAuth2ClientDelete {
 	return &OAuth2ClientDelete{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }

-// DeleteOne returns a delete builder for the given entity.
+// DeleteOne returns a builder for deleting the given entity.
 func (c *OAuth2ClientClient) DeleteOne(o *OAuth2Client) *OAuth2ClientDeleteOne {
 	return c.DeleteOneID(o.ID)
 }

-// DeleteOneID returns a delete builder for the given id.
+// DeleteOne returns a builder for deleting the given entity by its id.
 func (c *OAuth2ClientClient) DeleteOneID(id string) *OAuth2ClientDeleteOne {
 	builder := c.Delete().Where(oauth2client.ID(id))
 	builder.mutation.id = &id
@ -831,7 +832,7 @@ func (c *OfflineSessionClient) Use(hooks ...Hook) {
 	c.hooks.OfflineSession = append(c.hooks.OfflineSession, hooks...)
 }

-// Create returns a create builder for OfflineSession.
+// Create returns a builder for creating a OfflineSession entity.
 func (c *OfflineSessionClient) Create() *OfflineSessionCreate {
 	mutation := newOfflineSessionMutation(c.config, OpCreate)
 	return &OfflineSessionCreate{config: c.config, hooks: c.Hooks(), mutation: mutation}
@ -866,12 +867,12 @@ func (c *OfflineSessionClient) Delete() *OfflineSessionDelete {
 	return &OfflineSessionDelete{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }

-// DeleteOne returns a delete builder for the given entity.
+// DeleteOne returns a builder for deleting the given entity.
 func (c *OfflineSessionClient) DeleteOne(os *OfflineSession) *OfflineSessionDeleteOne {
 	return c.DeleteOneID(os.ID)
 }

-// DeleteOneID returns a delete builder for the given id.
+// DeleteOne returns a builder for deleting the given entity by its id.
 func (c *OfflineSessionClient) DeleteOneID(id string) *OfflineSessionDeleteOne {
 	builder := c.Delete().Where(offlinesession.ID(id))
 	builder.mutation.id = &id
@ -921,7 +922,7 @@ func (c *PasswordClient) Use(hooks ...Hook) {
 	c.hooks.Password = append(c.hooks.Password, hooks...)
 }

-// Create returns a create builder for Password.
+// Create returns a builder for creating a Password entity.
 func (c *PasswordClient) Create() *PasswordCreate {
 	mutation := newPasswordMutation(c.config, OpCreate)
 	return &PasswordCreate{config: c.config, hooks: c.Hooks(), mutation: mutation}
@ -956,12 +957,12 @@ func (c *PasswordClient) Delete() *PasswordDelete {
 	return &PasswordDelete{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }

-// DeleteOne returns a delete builder for the given entity.
+// DeleteOne returns a builder for deleting the given entity.
 func (c *PasswordClient) DeleteOne(pa *Password) *PasswordDeleteOne {
 	return c.DeleteOneID(pa.ID)
 }

-// DeleteOneID returns a delete builder for the given id.
+// DeleteOne returns a builder for deleting the given entity by its id.
 func (c *PasswordClient) DeleteOneID(id int) *PasswordDeleteOne {
 	builder := c.Delete().Where(password.ID(id))
 	builder.mutation.id = &id
@ -1011,7 +1012,7 @@ func (c *RefreshTokenClient) Use(hooks ...Hook) {
 	c.hooks.RefreshToken = append(c.hooks.RefreshToken, hooks...)
 }

-// Create returns a create builder for RefreshToken.
+// Create returns a builder for creating a RefreshToken entity.
 func (c *RefreshTokenClient) Create() *RefreshTokenCreate {
 	mutation := newRefreshTokenMutation(c.config, OpCreate)
 	return &RefreshTokenCreate{config: c.config, hooks: c.Hooks(), mutation: mutation}
@ -1046,12 +1047,12 @@ func (c *RefreshTokenClient) Delete() *RefreshTokenDelete {
 	return &RefreshTokenDelete{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }

-// DeleteOne returns a delete builder for the given entity.
+// DeleteOne returns a builder for deleting the given entity.
 func (c *RefreshTokenClient) DeleteOne(rt *RefreshToken) *RefreshTokenDeleteOne {
 	return c.DeleteOneID(rt.ID)
 }

-// DeleteOneID returns a delete builder for the given id.
+// DeleteOne returns a builder for deleting the given entity by its id.
 func (c *RefreshTokenClient) DeleteOneID(id string) *RefreshTokenDeleteOne {
 	builder := c.Delete().Where(refreshtoken.ID(id))
 	builder.mutation.id = &id
--- a/storage/ent/db/config.go
+++ b/storage/ent/db/config.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

--- a/storage/ent/db/connector.go
+++ b/storage/ent/db/connector.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -94,11 +94,11 @@ func (c *Connector) Update() *ConnectorUpdateOne {
 // Unwrap unwraps the Connector entity that was returned from a transaction after it was closed,
 // so that all future queries will be executed through the driver which created the transaction.
 func (c *Connector) Unwrap() *Connector {
-	tx, ok := c.config.driver.(*txDriver)
+	_tx, ok := c.config.driver.(*txDriver)
 	if !ok {
 		panic("db: Connector is not a transactional entity")
 	}
-	c.config.driver = tx.drv
+	c.config.driver = _tx.drv
 	return c
 }

@ -106,14 +106,17 @@ func (c *Connector) Unwrap() *Connector {
 func (c *Connector) String() string {
 	var builder strings.Builder
 	builder.WriteString("Connector(")
-	builder.WriteString(fmt.Sprintf("id=%v", c.ID))
-	builder.WriteString(", type=")
+	builder.WriteString(fmt.Sprintf("id=%v, ", c.ID))
+	builder.WriteString("type=")
 	builder.WriteString(c.Type)
-	builder.WriteString(", name=")
+	builder.WriteString(", ")
+	builder.WriteString("name=")
 	builder.WriteString(c.Name)
-	builder.WriteString(", resource_version=")
+	builder.WriteString(", ")
+	builder.WriteString("resource_version=")
 	builder.WriteString(c.ResourceVersion)
-	builder.WriteString(", config=")
+	builder.WriteString(", ")
+	builder.WriteString("config=")
 	builder.WriteString(fmt.Sprintf("%v", c.Config))
 	builder.WriteByte(')')
 	return builder.String()
--- a/storage/ent/db/connector/connector.go
+++ b/storage/ent/db/connector/connector.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package connector

--- a/storage/ent/db/connector/where.go
+++ b/storage/ent/db/connector/where.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package connector

@ -31,12 +31,6 @@ func IDNEQ(id string) predicate.Connector {
 // IDIn applies the In predicate on the ID field.
 func IDIn(ids ...string) predicate.Connector {
 	return predicate.Connector(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(ids) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		v := make([]interface{}, len(ids))
 		for i := range v {
 			v[i] = ids[i]
@ -48,12 +42,6 @@ func IDIn(ids ...string) predicate.Connector {
 // IDNotIn applies the NotIn predicate on the ID field.
 func IDNotIn(ids ...string) predicate.Connector {
 	return predicate.Connector(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(ids) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		v := make([]interface{}, len(ids))
 		for i := range v {
 			v[i] = ids[i]
@ -139,12 +127,6 @@ func TypeIn(vs ...string) predicate.Connector {
 		v[i] = vs[i]
 	}
 	return predicate.Connector(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldType), v...))
 	})
 }
@ -156,12 +138,6 @@ func TypeNotIn(vs ...string) predicate.Connector {
 		v[i] = vs[i]
 	}
 	return predicate.Connector(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldType), v...))
 	})
 }
@ -250,12 +226,6 @@ func NameIn(vs ...string) predicate.Connector {
 		v[i] = vs[i]
 	}
 	return predicate.Connector(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldName), v...))
 	})
 }
@ -267,12 +237,6 @@ func NameNotIn(vs ...string) predicate.Connector {
 		v[i] = vs[i]
 	}
 	return predicate.Connector(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldName), v...))
 	})
 }
@ -361,12 +325,6 @@ func ResourceVersionIn(vs ...string) predicate.Connector {
 		v[i] = vs[i]
 	}
 	return predicate.Connector(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldResourceVersion), v...))
 	})
 }
@ -378,12 +336,6 @@ func ResourceVersionNotIn(vs ...string) predicate.Connector {
 		v[i] = vs[i]
 	}
 	return predicate.Connector(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldResourceVersion), v...))
 	})
 }
@ -472,12 +424,6 @@ func ConfigIn(vs ...[]byte) predicate.Connector {
 		v[i] = vs[i]
 	}
 	return predicate.Connector(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldConfig), v...))
 	})
 }
@ -489,12 +435,6 @@ func ConfigNotIn(vs ...[]byte) predicate.Connector {
 		v[i] = vs[i]
 	}
 	return predicate.Connector(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldConfig), v...))
 	})
 }
--- a/storage/ent/db/connector_create.go
+++ b/storage/ent/db/connector_create.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -88,9 +88,15 @@ func (cc *ConnectorCreate) Save(ctx context.Context) (*Connector, error) {
 			}
 			mut = cc.hooks[i](mut)
 		}
-		if _, err := mut.Mutate(ctx, cc.mutation); err != nil {
+		v, err := mut.Mutate(ctx, cc.mutation)
+		if err != nil {
 			return nil, err
 		}
+		nv, ok := v.(*Connector)
+		if !ok {
+			return nil, fmt.Errorf("unexpected node type %T returned from ConnectorMutation", v)
+		}
+		node = nv
 	}
 	return node, err
 }
@ -153,7 +159,7 @@ func (cc *ConnectorCreate) sqlSave(ctx context.Context) (*Connector, error) {
 	_node, _spec := cc.createSpec()
 	if err := sqlgraph.CreateNode(ctx, cc.driver, _spec); err != nil {
 		if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return nil, err
 	}
@ -249,7 +255,7 @@ func (ccb *ConnectorCreateBulk) Save(ctx context.Context) ([]*Connector, error)
 					// Invoke the actual operation on the latest mutation in the chain.
 					if err = sqlgraph.BatchCreate(ctx, ccb.driver, spec); err != nil {
 						if sqlgraph.IsConstraintError(err) {
-							err = &ConstraintError{err.Error(), err}
+							err = &ConstraintError{msg: err.Error(), wrap: err}
 						}
 					}
 				}
--- a/storage/ent/db/connector_delete.go
+++ b/storage/ent/db/connector_delete.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -84,7 +84,11 @@ func (cd *ConnectorDelete) sqlExec(ctx context.Context) (int, error) {
 			}
 		}
 	}
-	return sqlgraph.DeleteNodes(ctx, cd.driver, _spec)
+	affected, err := sqlgraph.DeleteNodes(ctx, cd.driver, _spec)
+	if err != nil && sqlgraph.IsConstraintError(err) {
+		err = &ConstraintError{msg: err.Error(), wrap: err}
+	}
+	return affected, err
 }

 // ConnectorDeleteOne is the builder for deleting a single Connector entity.
--- a/storage/ent/db/connector_query.go
+++ b/storage/ent/db/connector_query.go
@ -1,10 +1,9 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

 import (
 	"context"
-	"errors"
 	"fmt"
 	"math"

@ -264,15 +263,17 @@ func (cq *ConnectorQuery) Clone() *ConnectorQuery {
 //		Scan(ctx, &v)
 //
 func (cq *ConnectorQuery) GroupBy(field string, fields ...string) *ConnectorGroupBy {
-	group := &ConnectorGroupBy{config: cq.config}
-	group.fields = append([]string{field}, fields...)
-	group.path = func(ctx context.Context) (prev *sql.Selector, err error) {
+	grbuild := &ConnectorGroupBy{config: cq.config}
+	grbuild.fields = append([]string{field}, fields...)
+	grbuild.path = func(ctx context.Context) (prev *sql.Selector, err error) {
 		if err := cq.prepareQuery(ctx); err != nil {
 			return nil, err
 		}
 		return cq.sqlQuery(ctx), nil
 	}
-	return group
+	grbuild.label = connector.Label
+	grbuild.flds, grbuild.scan = &grbuild.fields, grbuild.Scan
+	return grbuild
 }

 // Select allows the selection one or more fields/columns for the given query,
@ -290,7 +291,10 @@ func (cq *ConnectorQuery) GroupBy(field string, fields ...string) *ConnectorGrou
 //
 func (cq *ConnectorQuery) Select(fields ...string) *ConnectorSelect {
 	cq.fields = append(cq.fields, fields...)
-	return &ConnectorSelect{ConnectorQuery: cq}
+	selbuild := &ConnectorSelect{ConnectorQuery: cq}
+	selbuild.label = connector.Label
+	selbuild.flds, selbuild.scan = &cq.fields, selbuild.Scan
+	return selbuild
 }

 func (cq *ConnectorQuery) prepareQuery(ctx context.Context) error {
@ -309,23 +313,22 @@ func (cq *ConnectorQuery) prepareQuery(ctx context.Context) error {
 	return nil
 }

-func (cq *ConnectorQuery) sqlAll(ctx context.Context) ([]*Connector, error) {
+func (cq *ConnectorQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*Connector, error) {
 	var (
 		nodes = []*Connector{}
 		_spec = cq.querySpec()
 	)
 	_spec.ScanValues = func(columns []string) ([]interface{}, error) {
-		node := &Connector{config: cq.config}
-		nodes = append(nodes, node)
-		return node.scanValues(columns)
+		return (*Connector).scanValues(nil, columns)
 	}
 	_spec.Assign = func(columns []string, values []interface{}) error {
-		if len(nodes) == 0 {
-			return fmt.Errorf("db: Assign called without calling ScanValues")
-		}
-		node := nodes[len(nodes)-1]
+		node := &Connector{config: cq.config}
+		nodes = append(nodes, node)
 		return node.assignValues(columns, values)
 	}
+	for i := range hooks {
+		hooks[i](ctx, _spec)
+	}
 	if err := sqlgraph.QueryNodes(ctx, cq.driver, _spec); err != nil {
 		return nil, err
 	}
@ -435,6 +438,7 @@ func (cq *ConnectorQuery) sqlQuery(ctx context.Context) *sql.Selector {
 // ConnectorGroupBy is the group-by builder for Connector entities.
 type ConnectorGroupBy struct {
 	config
+	selector
 	fields []string
 	fns    []AggregateFunc
 	// intermediate query (i.e. traversal path).
@ -458,209 +462,6 @@ func (cgb *ConnectorGroupBy) Scan(ctx context.Context, v interface{}) error {
 	return cgb.sqlScan(ctx, v)
 }

-// ScanX is like Scan, but panics if an error occurs.
-func (cgb *ConnectorGroupBy) ScanX(ctx context.Context, v interface{}) {
-	if err := cgb.Scan(ctx, v); err != nil {
-		panic(err)
-	}
-}
-
-// Strings returns list of strings from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (cgb *ConnectorGroupBy) Strings(ctx context.Context) ([]string, error) {
-	if len(cgb.fields) > 1 {
-		return nil, errors.New("db: ConnectorGroupBy.Strings is not achievable when grouping more than 1 field")
-	}
-	var v []string
-	if err := cgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// StringsX is like Strings, but panics if an error occurs.
-func (cgb *ConnectorGroupBy) StringsX(ctx context.Context) []string {
-	v, err := cgb.Strings(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// String returns a single string from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (cgb *ConnectorGroupBy) String(ctx context.Context) (_ string, err error) {
-	var v []string
-	if v, err = cgb.Strings(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{connector.Label}
-	default:
-		err = fmt.Errorf("db: ConnectorGroupBy.Strings returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// StringX is like String, but panics if an error occurs.
-func (cgb *ConnectorGroupBy) StringX(ctx context.Context) string {
-	v, err := cgb.String(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Ints returns list of ints from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (cgb *ConnectorGroupBy) Ints(ctx context.Context) ([]int, error) {
-	if len(cgb.fields) > 1 {
-		return nil, errors.New("db: ConnectorGroupBy.Ints is not achievable when grouping more than 1 field")
-	}
-	var v []int
-	if err := cgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// IntsX is like Ints, but panics if an error occurs.
-func (cgb *ConnectorGroupBy) IntsX(ctx context.Context) []int {
-	v, err := cgb.Ints(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Int returns a single int from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (cgb *ConnectorGroupBy) Int(ctx context.Context) (_ int, err error) {
-	var v []int
-	if v, err = cgb.Ints(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{connector.Label}
-	default:
-		err = fmt.Errorf("db: ConnectorGroupBy.Ints returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// IntX is like Int, but panics if an error occurs.
-func (cgb *ConnectorGroupBy) IntX(ctx context.Context) int {
-	v, err := cgb.Int(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64s returns list of float64s from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (cgb *ConnectorGroupBy) Float64s(ctx context.Context) ([]float64, error) {
-	if len(cgb.fields) > 1 {
-		return nil, errors.New("db: ConnectorGroupBy.Float64s is not achievable when grouping more than 1 field")
-	}
-	var v []float64
-	if err := cgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// Float64sX is like Float64s, but panics if an error occurs.
-func (cgb *ConnectorGroupBy) Float64sX(ctx context.Context) []float64 {
-	v, err := cgb.Float64s(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64 returns a single float64 from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (cgb *ConnectorGroupBy) Float64(ctx context.Context) (_ float64, err error) {
-	var v []float64
-	if v, err = cgb.Float64s(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{connector.Label}
-	default:
-		err = fmt.Errorf("db: ConnectorGroupBy.Float64s returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// Float64X is like Float64, but panics if an error occurs.
-func (cgb *ConnectorGroupBy) Float64X(ctx context.Context) float64 {
-	v, err := cgb.Float64(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bools returns list of bools from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (cgb *ConnectorGroupBy) Bools(ctx context.Context) ([]bool, error) {
-	if len(cgb.fields) > 1 {
-		return nil, errors.New("db: ConnectorGroupBy.Bools is not achievable when grouping more than 1 field")
-	}
-	var v []bool
-	if err := cgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// BoolsX is like Bools, but panics if an error occurs.
-func (cgb *ConnectorGroupBy) BoolsX(ctx context.Context) []bool {
-	v, err := cgb.Bools(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bool returns a single bool from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (cgb *ConnectorGroupBy) Bool(ctx context.Context) (_ bool, err error) {
-	var v []bool
-	if v, err = cgb.Bools(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{connector.Label}
-	default:
-		err = fmt.Errorf("db: ConnectorGroupBy.Bools returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// BoolX is like Bool, but panics if an error occurs.
-func (cgb *ConnectorGroupBy) BoolX(ctx context.Context) bool {
-	v, err := cgb.Bool(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
 func (cgb *ConnectorGroupBy) sqlScan(ctx context.Context, v interface{}) error {
 	for _, f := range cgb.fields {
 		if !connector.ValidColumn(f) {
@ -702,6 +503,7 @@ func (cgb *ConnectorGroupBy) sqlQuery() *sql.Selector {
 // ConnectorSelect is the builder for selecting fields of Connector entities.
 type ConnectorSelect struct {
 	*ConnectorQuery
+	selector
 	// intermediate query (i.e. traversal path).
 	sql *sql.Selector
 }
@ -715,201 +517,6 @@ func (cs *ConnectorSelect) Scan(ctx context.Context, v interface{}) error {
 	return cs.sqlScan(ctx, v)
 }

-// ScanX is like Scan, but panics if an error occurs.
-func (cs *ConnectorSelect) ScanX(ctx context.Context, v interface{}) {
-	if err := cs.Scan(ctx, v); err != nil {
-		panic(err)
-	}
-}
-
-// Strings returns list of strings from a selector. It is only allowed when selecting one field.
-func (cs *ConnectorSelect) Strings(ctx context.Context) ([]string, error) {
-	if len(cs.fields) > 1 {
-		return nil, errors.New("db: ConnectorSelect.Strings is not achievable when selecting more than 1 field")
-	}
-	var v []string
-	if err := cs.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// StringsX is like Strings, but panics if an error occurs.
-func (cs *ConnectorSelect) StringsX(ctx context.Context) []string {
-	v, err := cs.Strings(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// String returns a single string from a selector. It is only allowed when selecting one field.
-func (cs *ConnectorSelect) String(ctx context.Context) (_ string, err error) {
-	var v []string
-	if v, err = cs.Strings(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{connector.Label}
-	default:
-		err = fmt.Errorf("db: ConnectorSelect.Strings returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// StringX is like String, but panics if an error occurs.
-func (cs *ConnectorSelect) StringX(ctx context.Context) string {
-	v, err := cs.String(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Ints returns list of ints from a selector. It is only allowed when selecting one field.
-func (cs *ConnectorSelect) Ints(ctx context.Context) ([]int, error) {
-	if len(cs.fields) > 1 {
-		return nil, errors.New("db: ConnectorSelect.Ints is not achievable when selecting more than 1 field")
-	}
-	var v []int
-	if err := cs.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// IntsX is like Ints, but panics if an error occurs.
-func (cs *ConnectorSelect) IntsX(ctx context.Context) []int {
-	v, err := cs.Ints(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Int returns a single int from a selector. It is only allowed when selecting one field.
-func (cs *ConnectorSelect) Int(ctx context.Context) (_ int, err error) {
-	var v []int
-	if v, err = cs.Ints(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{connector.Label}
-	default:
-		err = fmt.Errorf("db: ConnectorSelect.Ints returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// IntX is like Int, but panics if an error occurs.
-func (cs *ConnectorSelect) IntX(ctx context.Context) int {
-	v, err := cs.Int(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64s returns list of float64s from a selector. It is only allowed when selecting one field.
-func (cs *ConnectorSelect) Float64s(ctx context.Context) ([]float64, error) {
-	if len(cs.fields) > 1 {
-		return nil, errors.New("db: ConnectorSelect.Float64s is not achievable when selecting more than 1 field")
-	}
-	var v []float64
-	if err := cs.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// Float64sX is like Float64s, but panics if an error occurs.
-func (cs *ConnectorSelect) Float64sX(ctx context.Context) []float64 {
-	v, err := cs.Float64s(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64 returns a single float64 from a selector. It is only allowed when selecting one field.
-func (cs *ConnectorSelect) Float64(ctx context.Context) (_ float64, err error) {
-	var v []float64
-	if v, err = cs.Float64s(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{connector.Label}
-	default:
-		err = fmt.Errorf("db: ConnectorSelect.Float64s returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// Float64X is like Float64, but panics if an error occurs.
-func (cs *ConnectorSelect) Float64X(ctx context.Context) float64 {
-	v, err := cs.Float64(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bools returns list of bools from a selector. It is only allowed when selecting one field.
-func (cs *ConnectorSelect) Bools(ctx context.Context) ([]bool, error) {
-	if len(cs.fields) > 1 {
-		return nil, errors.New("db: ConnectorSelect.Bools is not achievable when selecting more than 1 field")
-	}
-	var v []bool
-	if err := cs.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// BoolsX is like Bools, but panics if an error occurs.
-func (cs *ConnectorSelect) BoolsX(ctx context.Context) []bool {
-	v, err := cs.Bools(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bool returns a single bool from a selector. It is only allowed when selecting one field.
-func (cs *ConnectorSelect) Bool(ctx context.Context) (_ bool, err error) {
-	var v []bool
-	if v, err = cs.Bools(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{connector.Label}
-	default:
-		err = fmt.Errorf("db: ConnectorSelect.Bools returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// BoolX is like Bool, but panics if an error occurs.
-func (cs *ConnectorSelect) BoolX(ctx context.Context) bool {
-	v, err := cs.Bool(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
 func (cs *ConnectorSelect) sqlScan(ctx context.Context, v interface{}) error {
 	rows := &sql.Rows{}
 	query, args := cs.sql.Query()
--- a/storage/ent/db/connector_update.go
+++ b/storage/ent/db/connector_update.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -181,7 +181,7 @@ func (cu *ConnectorUpdate) sqlSave(ctx context.Context) (n int, err error) {
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{connector.Label}
 		} else if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return 0, err
 	}
@ -263,9 +263,15 @@ func (cuo *ConnectorUpdateOne) Save(ctx context.Context) (*Connector, error) {
 			}
 			mut = cuo.hooks[i](mut)
 		}
-		if _, err := mut.Mutate(ctx, cuo.mutation); err != nil {
+		v, err := mut.Mutate(ctx, cuo.mutation)
+		if err != nil {
 			return nil, err
 		}
+		nv, ok := v.(*Connector)
+		if !ok {
+			return nil, fmt.Errorf("unexpected node type %T returned from ConnectorMutation", v)
+		}
+		node = nv
 	}
 	return node, err
 }
@ -377,7 +383,7 @@ func (cuo *ConnectorUpdateOne) sqlSave(ctx context.Context) (_node *Connector, e
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{connector.Label}
 		} else if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return nil, err
 	}
--- a/storage/ent/db/context.go
+++ b/storage/ent/db/context.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

--- a/storage/ent/db/devicerequest.go
+++ b/storage/ent/db/devicerequest.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -118,11 +118,11 @@ func (dr *DeviceRequest) Update() *DeviceRequestUpdateOne {
 // Unwrap unwraps the DeviceRequest entity that was returned from a transaction after it was closed,
 // so that all future queries will be executed through the driver which created the transaction.
 func (dr *DeviceRequest) Unwrap() *DeviceRequest {
-	tx, ok := dr.config.driver.(*txDriver)
+	_tx, ok := dr.config.driver.(*txDriver)
 	if !ok {
 		panic("db: DeviceRequest is not a transactional entity")
 	}
-	dr.config.driver = tx.drv
+	dr.config.driver = _tx.drv
 	return dr
 }

@ -130,18 +130,23 @@ func (dr *DeviceRequest) Unwrap() *DeviceRequest {
 func (dr *DeviceRequest) String() string {
 	var builder strings.Builder
 	builder.WriteString("DeviceRequest(")
-	builder.WriteString(fmt.Sprintf("id=%v", dr.ID))
-	builder.WriteString(", user_code=")
+	builder.WriteString(fmt.Sprintf("id=%v, ", dr.ID))
+	builder.WriteString("user_code=")
 	builder.WriteString(dr.UserCode)
-	builder.WriteString(", device_code=")
+	builder.WriteString(", ")
+	builder.WriteString("device_code=")
 	builder.WriteString(dr.DeviceCode)
-	builder.WriteString(", client_id=")
+	builder.WriteString(", ")
+	builder.WriteString("client_id=")
 	builder.WriteString(dr.ClientID)
-	builder.WriteString(", client_secret=")
+	builder.WriteString(", ")
+	builder.WriteString("client_secret=")
 	builder.WriteString(dr.ClientSecret)
-	builder.WriteString(", scopes=")
+	builder.WriteString(", ")
+	builder.WriteString("scopes=")
 	builder.WriteString(fmt.Sprintf("%v", dr.Scopes))
-	builder.WriteString(", expiry=")
+	builder.WriteString(", ")
+	builder.WriteString("expiry=")
 	builder.WriteString(dr.Expiry.Format(time.ANSIC))
 	builder.WriteByte(')')
 	return builder.String()
--- a/storage/ent/db/devicerequest/devicerequest.go
+++ b/storage/ent/db/devicerequest/devicerequest.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package devicerequest

--- a/storage/ent/db/devicerequest/where.go
+++ b/storage/ent/db/devicerequest/where.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package devicerequest

@ -33,12 +33,6 @@ func IDNEQ(id int) predicate.DeviceRequest {
 // IDIn applies the In predicate on the ID field.
 func IDIn(ids ...int) predicate.DeviceRequest {
 	return predicate.DeviceRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(ids) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		v := make([]interface{}, len(ids))
 		for i := range v {
 			v[i] = ids[i]
@ -50,12 +44,6 @@ func IDIn(ids ...int) predicate.DeviceRequest {
 // IDNotIn applies the NotIn predicate on the ID field.
 func IDNotIn(ids ...int) predicate.DeviceRequest {
 	return predicate.DeviceRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(ids) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		v := make([]interface{}, len(ids))
 		for i := range v {
 			v[i] = ids[i]
@ -148,12 +136,6 @@ func UserCodeIn(vs ...string) predicate.DeviceRequest {
 		v[i] = vs[i]
 	}
 	return predicate.DeviceRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldUserCode), v...))
 	})
 }
@ -165,12 +147,6 @@ func UserCodeNotIn(vs ...string) predicate.DeviceRequest {
 		v[i] = vs[i]
 	}
 	return predicate.DeviceRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldUserCode), v...))
 	})
 }
@ -259,12 +235,6 @@ func DeviceCodeIn(vs ...string) predicate.DeviceRequest {
 		v[i] = vs[i]
 	}
 	return predicate.DeviceRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldDeviceCode), v...))
 	})
 }
@ -276,12 +246,6 @@ func DeviceCodeNotIn(vs ...string) predicate.DeviceRequest {
 		v[i] = vs[i]
 	}
 	return predicate.DeviceRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldDeviceCode), v...))
 	})
 }
@ -370,12 +334,6 @@ func ClientIDIn(vs ...string) predicate.DeviceRequest {
 		v[i] = vs[i]
 	}
 	return predicate.DeviceRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldClientID), v...))
 	})
 }
@ -387,12 +345,6 @@ func ClientIDNotIn(vs ...string) predicate.DeviceRequest {
 		v[i] = vs[i]
 	}
 	return predicate.DeviceRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldClientID), v...))
 	})
 }
@ -481,12 +433,6 @@ func ClientSecretIn(vs ...string) predicate.DeviceRequest {
 		v[i] = vs[i]
 	}
 	return predicate.DeviceRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldClientSecret), v...))
 	})
 }
@ -498,12 +444,6 @@ func ClientSecretNotIn(vs ...string) predicate.DeviceRequest {
 		v[i] = vs[i]
 	}
 	return predicate.DeviceRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldClientSecret), v...))
 	})
 }
@ -606,12 +546,6 @@ func ExpiryIn(vs ...time.Time) predicate.DeviceRequest {
 		v[i] = vs[i]
 	}
 	return predicate.DeviceRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldExpiry), v...))
 	})
 }
@ -623,12 +557,6 @@ func ExpiryNotIn(vs ...time.Time) predicate.DeviceRequest {
 		v[i] = vs[i]
 	}
 	return predicate.DeviceRequest(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldExpiry), v...))
 	})
 }
--- a/storage/ent/db/devicerequest_create.go
+++ b/storage/ent/db/devicerequest_create.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -95,9 +95,15 @@ func (drc *DeviceRequestCreate) Save(ctx context.Context) (*DeviceRequest, error
 			}
 			mut = drc.hooks[i](mut)
 		}
-		if _, err := mut.Mutate(ctx, drc.mutation); err != nil {
+		v, err := mut.Mutate(ctx, drc.mutation)
+		if err != nil {
 			return nil, err
 		}
+		nv, ok := v.(*DeviceRequest)
+		if !ok {
+			return nil, fmt.Errorf("unexpected node type %T returned from DeviceRequestMutation", v)
+		}
+		node = nv
 	}
 	return node, err
 }
@ -168,7 +174,7 @@ func (drc *DeviceRequestCreate) sqlSave(ctx context.Context) (*DeviceRequest, er
 	_node, _spec := drc.createSpec()
 	if err := sqlgraph.CreateNode(ctx, drc.driver, _spec); err != nil {
 		if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return nil, err
 	}
@ -271,7 +277,7 @@ func (drcb *DeviceRequestCreateBulk) Save(ctx context.Context) ([]*DeviceRequest
 					// Invoke the actual operation on the latest mutation in the chain.
 					if err = sqlgraph.BatchCreate(ctx, drcb.driver, spec); err != nil {
 						if sqlgraph.IsConstraintError(err) {
-							err = &ConstraintError{err.Error(), err}
+							err = &ConstraintError{msg: err.Error(), wrap: err}
 						}
 					}
 				}
@ -279,11 +285,11 @@ func (drcb *DeviceRequestCreateBulk) Save(ctx context.Context) ([]*DeviceRequest
 					return nil, err
 				}
 				mutation.id = &nodes[i].ID
-				mutation.done = true
 				if specs[i].ID.Value != nil {
 					id := specs[i].ID.Value.(int64)
 					nodes[i].ID = int(id)
 				}
+				mutation.done = true
 				return nodes[i], nil
 			})
 			for i := len(builder.hooks) - 1; i >= 0; i-- {
--- a/storage/ent/db/devicerequest_delete.go
+++ b/storage/ent/db/devicerequest_delete.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -84,7 +84,11 @@ func (drd *DeviceRequestDelete) sqlExec(ctx context.Context) (int, error) {
 			}
 		}
 	}
-	return sqlgraph.DeleteNodes(ctx, drd.driver, _spec)
+	affected, err := sqlgraph.DeleteNodes(ctx, drd.driver, _spec)
+	if err != nil && sqlgraph.IsConstraintError(err) {
+		err = &ConstraintError{msg: err.Error(), wrap: err}
+	}
+	return affected, err
 }

 // DeviceRequestDeleteOne is the builder for deleting a single DeviceRequest entity.
--- a/storage/ent/db/devicerequest_query.go
+++ b/storage/ent/db/devicerequest_query.go
@ -1,10 +1,9 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

 import (
 	"context"
-	"errors"
 	"fmt"
 	"math"

@ -264,15 +263,17 @@ func (drq *DeviceRequestQuery) Clone() *DeviceRequestQuery {
 //		Scan(ctx, &v)
 //
 func (drq *DeviceRequestQuery) GroupBy(field string, fields ...string) *DeviceRequestGroupBy {
-	group := &DeviceRequestGroupBy{config: drq.config}
-	group.fields = append([]string{field}, fields...)
-	group.path = func(ctx context.Context) (prev *sql.Selector, err error) {
+	grbuild := &DeviceRequestGroupBy{config: drq.config}
+	grbuild.fields = append([]string{field}, fields...)
+	grbuild.path = func(ctx context.Context) (prev *sql.Selector, err error) {
 		if err := drq.prepareQuery(ctx); err != nil {
 			return nil, err
 		}
 		return drq.sqlQuery(ctx), nil
 	}
-	return group
+	grbuild.label = devicerequest.Label
+	grbuild.flds, grbuild.scan = &grbuild.fields, grbuild.Scan
+	return grbuild
 }

 // Select allows the selection one or more fields/columns for the given query,
@ -290,7 +291,10 @@ func (drq *DeviceRequestQuery) GroupBy(field string, fields ...string) *DeviceRe
 //
 func (drq *DeviceRequestQuery) Select(fields ...string) *DeviceRequestSelect {
 	drq.fields = append(drq.fields, fields...)
-	return &DeviceRequestSelect{DeviceRequestQuery: drq}
+	selbuild := &DeviceRequestSelect{DeviceRequestQuery: drq}
+	selbuild.label = devicerequest.Label
+	selbuild.flds, selbuild.scan = &drq.fields, selbuild.Scan
+	return selbuild
 }

 func (drq *DeviceRequestQuery) prepareQuery(ctx context.Context) error {
@ -309,23 +313,22 @@ func (drq *DeviceRequestQuery) prepareQuery(ctx context.Context) error {
 	return nil
 }

-func (drq *DeviceRequestQuery) sqlAll(ctx context.Context) ([]*DeviceRequest, error) {
+func (drq *DeviceRequestQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*DeviceRequest, error) {
 	var (
 		nodes = []*DeviceRequest{}
 		_spec = drq.querySpec()
 	)
 	_spec.ScanValues = func(columns []string) ([]interface{}, error) {
-		node := &DeviceRequest{config: drq.config}
-		nodes = append(nodes, node)
-		return node.scanValues(columns)
+		return (*DeviceRequest).scanValues(nil, columns)
 	}
 	_spec.Assign = func(columns []string, values []interface{}) error {
-		if len(nodes) == 0 {
-			return fmt.Errorf("db: Assign called without calling ScanValues")
-		}
-		node := nodes[len(nodes)-1]
+		node := &DeviceRequest{config: drq.config}
+		nodes = append(nodes, node)
 		return node.assignValues(columns, values)
 	}
+	for i := range hooks {
+		hooks[i](ctx, _spec)
+	}
 	if err := sqlgraph.QueryNodes(ctx, drq.driver, _spec); err != nil {
 		return nil, err
 	}
@ -435,6 +438,7 @@ func (drq *DeviceRequestQuery) sqlQuery(ctx context.Context) *sql.Selector {
 // DeviceRequestGroupBy is the group-by builder for DeviceRequest entities.
 type DeviceRequestGroupBy struct {
 	config
+	selector
 	fields []string
 	fns    []AggregateFunc
 	// intermediate query (i.e. traversal path).
@ -458,209 +462,6 @@ func (drgb *DeviceRequestGroupBy) Scan(ctx context.Context, v interface{}) error
 	return drgb.sqlScan(ctx, v)
 }

-// ScanX is like Scan, but panics if an error occurs.
-func (drgb *DeviceRequestGroupBy) ScanX(ctx context.Context, v interface{}) {
-	if err := drgb.Scan(ctx, v); err != nil {
-		panic(err)
-	}
-}
-
-// Strings returns list of strings from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (drgb *DeviceRequestGroupBy) Strings(ctx context.Context) ([]string, error) {
-	if len(drgb.fields) > 1 {
-		return nil, errors.New("db: DeviceRequestGroupBy.Strings is not achievable when grouping more than 1 field")
-	}
-	var v []string
-	if err := drgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// StringsX is like Strings, but panics if an error occurs.
-func (drgb *DeviceRequestGroupBy) StringsX(ctx context.Context) []string {
-	v, err := drgb.Strings(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// String returns a single string from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (drgb *DeviceRequestGroupBy) String(ctx context.Context) (_ string, err error) {
-	var v []string
-	if v, err = drgb.Strings(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{devicerequest.Label}
-	default:
-		err = fmt.Errorf("db: DeviceRequestGroupBy.Strings returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// StringX is like String, but panics if an error occurs.
-func (drgb *DeviceRequestGroupBy) StringX(ctx context.Context) string {
-	v, err := drgb.String(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Ints returns list of ints from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (drgb *DeviceRequestGroupBy) Ints(ctx context.Context) ([]int, error) {
-	if len(drgb.fields) > 1 {
-		return nil, errors.New("db: DeviceRequestGroupBy.Ints is not achievable when grouping more than 1 field")
-	}
-	var v []int
-	if err := drgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// IntsX is like Ints, but panics if an error occurs.
-func (drgb *DeviceRequestGroupBy) IntsX(ctx context.Context) []int {
-	v, err := drgb.Ints(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Int returns a single int from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (drgb *DeviceRequestGroupBy) Int(ctx context.Context) (_ int, err error) {
-	var v []int
-	if v, err = drgb.Ints(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{devicerequest.Label}
-	default:
-		err = fmt.Errorf("db: DeviceRequestGroupBy.Ints returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// IntX is like Int, but panics if an error occurs.
-func (drgb *DeviceRequestGroupBy) IntX(ctx context.Context) int {
-	v, err := drgb.Int(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64s returns list of float64s from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (drgb *DeviceRequestGroupBy) Float64s(ctx context.Context) ([]float64, error) {
-	if len(drgb.fields) > 1 {
-		return nil, errors.New("db: DeviceRequestGroupBy.Float64s is not achievable when grouping more than 1 field")
-	}
-	var v []float64
-	if err := drgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// Float64sX is like Float64s, but panics if an error occurs.
-func (drgb *DeviceRequestGroupBy) Float64sX(ctx context.Context) []float64 {
-	v, err := drgb.Float64s(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64 returns a single float64 from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (drgb *DeviceRequestGroupBy) Float64(ctx context.Context) (_ float64, err error) {
-	var v []float64
-	if v, err = drgb.Float64s(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{devicerequest.Label}
-	default:
-		err = fmt.Errorf("db: DeviceRequestGroupBy.Float64s returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// Float64X is like Float64, but panics if an error occurs.
-func (drgb *DeviceRequestGroupBy) Float64X(ctx context.Context) float64 {
-	v, err := drgb.Float64(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bools returns list of bools from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (drgb *DeviceRequestGroupBy) Bools(ctx context.Context) ([]bool, error) {
-	if len(drgb.fields) > 1 {
-		return nil, errors.New("db: DeviceRequestGroupBy.Bools is not achievable when grouping more than 1 field")
-	}
-	var v []bool
-	if err := drgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// BoolsX is like Bools, but panics if an error occurs.
-func (drgb *DeviceRequestGroupBy) BoolsX(ctx context.Context) []bool {
-	v, err := drgb.Bools(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bool returns a single bool from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (drgb *DeviceRequestGroupBy) Bool(ctx context.Context) (_ bool, err error) {
-	var v []bool
-	if v, err = drgb.Bools(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{devicerequest.Label}
-	default:
-		err = fmt.Errorf("db: DeviceRequestGroupBy.Bools returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// BoolX is like Bool, but panics if an error occurs.
-func (drgb *DeviceRequestGroupBy) BoolX(ctx context.Context) bool {
-	v, err := drgb.Bool(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
 func (drgb *DeviceRequestGroupBy) sqlScan(ctx context.Context, v interface{}) error {
 	for _, f := range drgb.fields {
 		if !devicerequest.ValidColumn(f) {
@ -702,6 +503,7 @@ func (drgb *DeviceRequestGroupBy) sqlQuery() *sql.Selector {
 // DeviceRequestSelect is the builder for selecting fields of DeviceRequest entities.
 type DeviceRequestSelect struct {
 	*DeviceRequestQuery
+	selector
 	// intermediate query (i.e. traversal path).
 	sql *sql.Selector
 }
@ -715,201 +517,6 @@ func (drs *DeviceRequestSelect) Scan(ctx context.Context, v interface{}) error {
 	return drs.sqlScan(ctx, v)
 }

-// ScanX is like Scan, but panics if an error occurs.
-func (drs *DeviceRequestSelect) ScanX(ctx context.Context, v interface{}) {
-	if err := drs.Scan(ctx, v); err != nil {
-		panic(err)
-	}
-}
-
-// Strings returns list of strings from a selector. It is only allowed when selecting one field.
-func (drs *DeviceRequestSelect) Strings(ctx context.Context) ([]string, error) {
-	if len(drs.fields) > 1 {
-		return nil, errors.New("db: DeviceRequestSelect.Strings is not achievable when selecting more than 1 field")
-	}
-	var v []string
-	if err := drs.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// StringsX is like Strings, but panics if an error occurs.
-func (drs *DeviceRequestSelect) StringsX(ctx context.Context) []string {
-	v, err := drs.Strings(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// String returns a single string from a selector. It is only allowed when selecting one field.
-func (drs *DeviceRequestSelect) String(ctx context.Context) (_ string, err error) {
-	var v []string
-	if v, err = drs.Strings(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{devicerequest.Label}
-	default:
-		err = fmt.Errorf("db: DeviceRequestSelect.Strings returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// StringX is like String, but panics if an error occurs.
-func (drs *DeviceRequestSelect) StringX(ctx context.Context) string {
-	v, err := drs.String(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Ints returns list of ints from a selector. It is only allowed when selecting one field.
-func (drs *DeviceRequestSelect) Ints(ctx context.Context) ([]int, error) {
-	if len(drs.fields) > 1 {
-		return nil, errors.New("db: DeviceRequestSelect.Ints is not achievable when selecting more than 1 field")
-	}
-	var v []int
-	if err := drs.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// IntsX is like Ints, but panics if an error occurs.
-func (drs *DeviceRequestSelect) IntsX(ctx context.Context) []int {
-	v, err := drs.Ints(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Int returns a single int from a selector. It is only allowed when selecting one field.
-func (drs *DeviceRequestSelect) Int(ctx context.Context) (_ int, err error) {
-	var v []int
-	if v, err = drs.Ints(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{devicerequest.Label}
-	default:
-		err = fmt.Errorf("db: DeviceRequestSelect.Ints returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// IntX is like Int, but panics if an error occurs.
-func (drs *DeviceRequestSelect) IntX(ctx context.Context) int {
-	v, err := drs.Int(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64s returns list of float64s from a selector. It is only allowed when selecting one field.
-func (drs *DeviceRequestSelect) Float64s(ctx context.Context) ([]float64, error) {
-	if len(drs.fields) > 1 {
-		return nil, errors.New("db: DeviceRequestSelect.Float64s is not achievable when selecting more than 1 field")
-	}
-	var v []float64
-	if err := drs.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// Float64sX is like Float64s, but panics if an error occurs.
-func (drs *DeviceRequestSelect) Float64sX(ctx context.Context) []float64 {
-	v, err := drs.Float64s(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64 returns a single float64 from a selector. It is only allowed when selecting one field.
-func (drs *DeviceRequestSelect) Float64(ctx context.Context) (_ float64, err error) {
-	var v []float64
-	if v, err = drs.Float64s(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{devicerequest.Label}
-	default:
-		err = fmt.Errorf("db: DeviceRequestSelect.Float64s returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// Float64X is like Float64, but panics if an error occurs.
-func (drs *DeviceRequestSelect) Float64X(ctx context.Context) float64 {
-	v, err := drs.Float64(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bools returns list of bools from a selector. It is only allowed when selecting one field.
-func (drs *DeviceRequestSelect) Bools(ctx context.Context) ([]bool, error) {
-	if len(drs.fields) > 1 {
-		return nil, errors.New("db: DeviceRequestSelect.Bools is not achievable when selecting more than 1 field")
-	}
-	var v []bool
-	if err := drs.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// BoolsX is like Bools, but panics if an error occurs.
-func (drs *DeviceRequestSelect) BoolsX(ctx context.Context) []bool {
-	v, err := drs.Bools(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bool returns a single bool from a selector. It is only allowed when selecting one field.
-func (drs *DeviceRequestSelect) Bool(ctx context.Context) (_ bool, err error) {
-	var v []bool
-	if v, err = drs.Bools(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{devicerequest.Label}
-	default:
-		err = fmt.Errorf("db: DeviceRequestSelect.Bools returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// BoolX is like Bool, but panics if an error occurs.
-func (drs *DeviceRequestSelect) BoolX(ctx context.Context) bool {
-	v, err := drs.Bool(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
 func (drs *DeviceRequestSelect) sqlScan(ctx context.Context, v interface{}) error {
 	rows := &sql.Rows{}
 	query, args := drs.sql.Query()
--- a/storage/ent/db/devicerequest_update.go
+++ b/storage/ent/db/devicerequest_update.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -230,7 +230,7 @@ func (dru *DeviceRequestUpdate) sqlSave(ctx context.Context) (n int, err error)
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{devicerequest.Label}
 		} else if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return 0, err
 	}
@ -330,9 +330,15 @@ func (druo *DeviceRequestUpdateOne) Save(ctx context.Context) (*DeviceRequest, e
 			}
 			mut = druo.hooks[i](mut)
 		}
-		if _, err := mut.Mutate(ctx, druo.mutation); err != nil {
+		v, err := mut.Mutate(ctx, druo.mutation)
+		if err != nil {
 			return nil, err
 		}
+		nv, ok := v.(*DeviceRequest)
+		if !ok {
+			return nil, fmt.Errorf("unexpected node type %T returned from DeviceRequestMutation", v)
+		}
+		node = nv
 	}
 	return node, err
 }
@ -474,7 +480,7 @@ func (druo *DeviceRequestUpdateOne) sqlSave(ctx context.Context) (_node *DeviceR
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{devicerequest.Label}
 		} else if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return nil, err
 	}
--- a/storage/ent/db/devicetoken.go
+++ b/storage/ent/db/devicetoken.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -131,11 +131,11 @@ func (dt *DeviceToken) Update() *DeviceTokenUpdateOne {
 // Unwrap unwraps the DeviceToken entity that was returned from a transaction after it was closed,
 // so that all future queries will be executed through the driver which created the transaction.
 func (dt *DeviceToken) Unwrap() *DeviceToken {
-	tx, ok := dt.config.driver.(*txDriver)
+	_tx, ok := dt.config.driver.(*txDriver)
 	if !ok {
 		panic("db: DeviceToken is not a transactional entity")
 	}
-	dt.config.driver = tx.drv
+	dt.config.driver = _tx.drv
 	return dt
 }

@ -143,24 +143,31 @@ func (dt *DeviceToken) Unwrap() *DeviceToken {
 func (dt *DeviceToken) String() string {
 	var builder strings.Builder
 	builder.WriteString("DeviceToken(")
-	builder.WriteString(fmt.Sprintf("id=%v", dt.ID))
-	builder.WriteString(", device_code=")
+	builder.WriteString(fmt.Sprintf("id=%v, ", dt.ID))
+	builder.WriteString("device_code=")
 	builder.WriteString(dt.DeviceCode)
-	builder.WriteString(", status=")
+	builder.WriteString(", ")
+	builder.WriteString("status=")
 	builder.WriteString(dt.Status)
+	builder.WriteString(", ")
 	if v := dt.Token; v != nil {
-		builder.WriteString(", token=")
+		builder.WriteString("token=")
 		builder.WriteString(fmt.Sprintf("%v", *v))
 	}
-	builder.WriteString(", expiry=")
+	builder.WriteString(", ")
+	builder.WriteString("expiry=")
 	builder.WriteString(dt.Expiry.Format(time.ANSIC))
-	builder.WriteString(", last_request=")
+	builder.WriteString(", ")
+	builder.WriteString("last_request=")
 	builder.WriteString(dt.LastRequest.Format(time.ANSIC))
-	builder.WriteString(", poll_interval=")
+	builder.WriteString(", ")
+	builder.WriteString("poll_interval=")
 	builder.WriteString(fmt.Sprintf("%v", dt.PollInterval))
-	builder.WriteString(", code_challenge=")
+	builder.WriteString(", ")
+	builder.WriteString("code_challenge=")
 	builder.WriteString(dt.CodeChallenge)
-	builder.WriteString(", code_challenge_method=")
+	builder.WriteString(", ")
+	builder.WriteString("code_challenge_method=")
 	builder.WriteString(dt.CodeChallengeMethod)
 	builder.WriteByte(')')
 	return builder.String()
--- a/storage/ent/db/devicetoken/devicetoken.go
+++ b/storage/ent/db/devicetoken/devicetoken.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package devicetoken

--- a/storage/ent/db/devicetoken/where.go
+++ b/storage/ent/db/devicetoken/where.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package devicetoken

@ -33,12 +33,6 @@ func IDNEQ(id int) predicate.DeviceToken {
 // IDIn applies the In predicate on the ID field.
 func IDIn(ids ...int) predicate.DeviceToken {
 	return predicate.DeviceToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(ids) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		v := make([]interface{}, len(ids))
 		for i := range v {
 			v[i] = ids[i]
@ -50,12 +44,6 @@ func IDIn(ids ...int) predicate.DeviceToken {
 // IDNotIn applies the NotIn predicate on the ID field.
 func IDNotIn(ids ...int) predicate.DeviceToken {
 	return predicate.DeviceToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(ids) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		v := make([]interface{}, len(ids))
 		for i := range v {
 			v[i] = ids[i]
@ -169,12 +157,6 @@ func DeviceCodeIn(vs ...string) predicate.DeviceToken {
 		v[i] = vs[i]
 	}
 	return predicate.DeviceToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldDeviceCode), v...))
 	})
 }
@ -186,12 +168,6 @@ func DeviceCodeNotIn(vs ...string) predicate.DeviceToken {
 		v[i] = vs[i]
 	}
 	return predicate.DeviceToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldDeviceCode), v...))
 	})
 }
@ -280,12 +256,6 @@ func StatusIn(vs ...string) predicate.DeviceToken {
 		v[i] = vs[i]
 	}
 	return predicate.DeviceToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldStatus), v...))
 	})
 }
@ -297,12 +267,6 @@ func StatusNotIn(vs ...string) predicate.DeviceToken {
 		v[i] = vs[i]
 	}
 	return predicate.DeviceToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldStatus), v...))
 	})
 }
@ -391,12 +355,6 @@ func TokenIn(vs ...[]byte) predicate.DeviceToken {
 		v[i] = vs[i]
 	}
 	return predicate.DeviceToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldToken), v...))
 	})
 }
@ -408,12 +366,6 @@ func TokenNotIn(vs ...[]byte) predicate.DeviceToken {
 		v[i] = vs[i]
 	}
 	return predicate.DeviceToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldToken), v...))
 	})
 }
@ -481,12 +433,6 @@ func ExpiryIn(vs ...time.Time) predicate.DeviceToken {
 		v[i] = vs[i]
 	}
 	return predicate.DeviceToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldExpiry), v...))
 	})
 }
@ -498,12 +444,6 @@ func ExpiryNotIn(vs ...time.Time) predicate.DeviceToken {
 		v[i] = vs[i]
 	}
 	return predicate.DeviceToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldExpiry), v...))
 	})
 }
@ -557,12 +497,6 @@ func LastRequestIn(vs ...time.Time) predicate.DeviceToken {
 		v[i] = vs[i]
 	}
 	return predicate.DeviceToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldLastRequest), v...))
 	})
 }
@ -574,12 +508,6 @@ func LastRequestNotIn(vs ...time.Time) predicate.DeviceToken {
 		v[i] = vs[i]
 	}
 	return predicate.DeviceToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldLastRequest), v...))
 	})
 }
@ -633,12 +561,6 @@ func PollIntervalIn(vs ...int) predicate.DeviceToken {
 		v[i] = vs[i]
 	}
 	return predicate.DeviceToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldPollInterval), v...))
 	})
 }
@ -650,12 +572,6 @@ func PollIntervalNotIn(vs ...int) predicate.DeviceToken {
 		v[i] = vs[i]
 	}
 	return predicate.DeviceToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldPollInterval), v...))
 	})
 }
@ -709,12 +625,6 @@ func CodeChallengeIn(vs ...string) predicate.DeviceToken {
 		v[i] = vs[i]
 	}
 	return predicate.DeviceToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldCodeChallenge), v...))
 	})
 }
@ -726,12 +636,6 @@ func CodeChallengeNotIn(vs ...string) predicate.DeviceToken {
 		v[i] = vs[i]
 	}
 	return predicate.DeviceToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldCodeChallenge), v...))
 	})
 }
@ -820,12 +724,6 @@ func CodeChallengeMethodIn(vs ...string) predicate.DeviceToken {
 		v[i] = vs[i]
 	}
 	return predicate.DeviceToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldCodeChallengeMethod), v...))
 	})
 }
@ -837,12 +735,6 @@ func CodeChallengeMethodNotIn(vs ...string) predicate.DeviceToken {
 		v[i] = vs[i]
 	}
 	return predicate.DeviceToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldCodeChallengeMethod), v...))
 	})
 }
--- a/storage/ent/db/devicetoken_create.go
+++ b/storage/ent/db/devicetoken_create.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -124,9 +124,15 @@ func (dtc *DeviceTokenCreate) Save(ctx context.Context) (*DeviceToken, error) {
 			}
 			mut = dtc.hooks[i](mut)
 		}
-		if _, err := mut.Mutate(ctx, dtc.mutation); err != nil {
+		v, err := mut.Mutate(ctx, dtc.mutation)
+		if err != nil {
 			return nil, err
 		}
+		nv, ok := v.(*DeviceToken)
+		if !ok {
+			return nil, fmt.Errorf("unexpected node type %T returned from DeviceTokenMutation", v)
+		}
+		node = nv
 	}
 	return node, err
 }
@ -205,7 +211,7 @@ func (dtc *DeviceTokenCreate) sqlSave(ctx context.Context) (*DeviceToken, error)
 	_node, _spec := dtc.createSpec()
 	if err := sqlgraph.CreateNode(ctx, dtc.driver, _spec); err != nil {
 		if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return nil, err
 	}
@ -325,7 +331,7 @@ func (dtcb *DeviceTokenCreateBulk) Save(ctx context.Context) ([]*DeviceToken, er
 					// Invoke the actual operation on the latest mutation in the chain.
 					if err = sqlgraph.BatchCreate(ctx, dtcb.driver, spec); err != nil {
 						if sqlgraph.IsConstraintError(err) {
-							err = &ConstraintError{err.Error(), err}
+							err = &ConstraintError{msg: err.Error(), wrap: err}
 						}
 					}
 				}
@ -333,11 +339,11 @@ func (dtcb *DeviceTokenCreateBulk) Save(ctx context.Context) ([]*DeviceToken, er
 					return nil, err
 				}
 				mutation.id = &nodes[i].ID
-				mutation.done = true
 				if specs[i].ID.Value != nil {
 					id := specs[i].ID.Value.(int64)
 					nodes[i].ID = int(id)
 				}
+				mutation.done = true
 				return nodes[i], nil
 			})
 			for i := len(builder.hooks) - 1; i >= 0; i-- {
--- a/storage/ent/db/devicetoken_delete.go
+++ b/storage/ent/db/devicetoken_delete.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -84,7 +84,11 @@ func (dtd *DeviceTokenDelete) sqlExec(ctx context.Context) (int, error) {
 			}
 		}
 	}
-	return sqlgraph.DeleteNodes(ctx, dtd.driver, _spec)
+	affected, err := sqlgraph.DeleteNodes(ctx, dtd.driver, _spec)
+	if err != nil && sqlgraph.IsConstraintError(err) {
+		err = &ConstraintError{msg: err.Error(), wrap: err}
+	}
+	return affected, err
 }

 // DeviceTokenDeleteOne is the builder for deleting a single DeviceToken entity.
--- a/storage/ent/db/devicetoken_query.go
+++ b/storage/ent/db/devicetoken_query.go
@ -1,10 +1,9 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

 import (
 	"context"
-	"errors"
 	"fmt"
 	"math"

@ -264,15 +263,17 @@ func (dtq *DeviceTokenQuery) Clone() *DeviceTokenQuery {
 //		Scan(ctx, &v)
 //
 func (dtq *DeviceTokenQuery) GroupBy(field string, fields ...string) *DeviceTokenGroupBy {
-	group := &DeviceTokenGroupBy{config: dtq.config}
-	group.fields = append([]string{field}, fields...)
-	group.path = func(ctx context.Context) (prev *sql.Selector, err error) {
+	grbuild := &DeviceTokenGroupBy{config: dtq.config}
+	grbuild.fields = append([]string{field}, fields...)
+	grbuild.path = func(ctx context.Context) (prev *sql.Selector, err error) {
 		if err := dtq.prepareQuery(ctx); err != nil {
 			return nil, err
 		}
 		return dtq.sqlQuery(ctx), nil
 	}
-	return group
+	grbuild.label = devicetoken.Label
+	grbuild.flds, grbuild.scan = &grbuild.fields, grbuild.Scan
+	return grbuild
 }

 // Select allows the selection one or more fields/columns for the given query,
@ -290,7 +291,10 @@ func (dtq *DeviceTokenQuery) GroupBy(field string, fields ...string) *DeviceToke
 //
 func (dtq *DeviceTokenQuery) Select(fields ...string) *DeviceTokenSelect {
 	dtq.fields = append(dtq.fields, fields...)
-	return &DeviceTokenSelect{DeviceTokenQuery: dtq}
+	selbuild := &DeviceTokenSelect{DeviceTokenQuery: dtq}
+	selbuild.label = devicetoken.Label
+	selbuild.flds, selbuild.scan = &dtq.fields, selbuild.Scan
+	return selbuild
 }

 func (dtq *DeviceTokenQuery) prepareQuery(ctx context.Context) error {
@ -309,23 +313,22 @@ func (dtq *DeviceTokenQuery) prepareQuery(ctx context.Context) error {
 	return nil
 }

-func (dtq *DeviceTokenQuery) sqlAll(ctx context.Context) ([]*DeviceToken, error) {
+func (dtq *DeviceTokenQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*DeviceToken, error) {
 	var (
 		nodes = []*DeviceToken{}
 		_spec = dtq.querySpec()
 	)
 	_spec.ScanValues = func(columns []string) ([]interface{}, error) {
-		node := &DeviceToken{config: dtq.config}
-		nodes = append(nodes, node)
-		return node.scanValues(columns)
+		return (*DeviceToken).scanValues(nil, columns)
 	}
 	_spec.Assign = func(columns []string, values []interface{}) error {
-		if len(nodes) == 0 {
-			return fmt.Errorf("db: Assign called without calling ScanValues")
-		}
-		node := nodes[len(nodes)-1]
+		node := &DeviceToken{config: dtq.config}
+		nodes = append(nodes, node)
 		return node.assignValues(columns, values)
 	}
+	for i := range hooks {
+		hooks[i](ctx, _spec)
+	}
 	if err := sqlgraph.QueryNodes(ctx, dtq.driver, _spec); err != nil {
 		return nil, err
 	}
@ -435,6 +438,7 @@ func (dtq *DeviceTokenQuery) sqlQuery(ctx context.Context) *sql.Selector {
 // DeviceTokenGroupBy is the group-by builder for DeviceToken entities.
 type DeviceTokenGroupBy struct {
 	config
+	selector
 	fields []string
 	fns    []AggregateFunc
 	// intermediate query (i.e. traversal path).
@ -458,209 +462,6 @@ func (dtgb *DeviceTokenGroupBy) Scan(ctx context.Context, v interface{}) error {
 	return dtgb.sqlScan(ctx, v)
 }

-// ScanX is like Scan, but panics if an error occurs.
-func (dtgb *DeviceTokenGroupBy) ScanX(ctx context.Context, v interface{}) {
-	if err := dtgb.Scan(ctx, v); err != nil {
-		panic(err)
-	}
-}
-
-// Strings returns list of strings from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (dtgb *DeviceTokenGroupBy) Strings(ctx context.Context) ([]string, error) {
-	if len(dtgb.fields) > 1 {
-		return nil, errors.New("db: DeviceTokenGroupBy.Strings is not achievable when grouping more than 1 field")
-	}
-	var v []string
-	if err := dtgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// StringsX is like Strings, but panics if an error occurs.
-func (dtgb *DeviceTokenGroupBy) StringsX(ctx context.Context) []string {
-	v, err := dtgb.Strings(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// String returns a single string from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (dtgb *DeviceTokenGroupBy) String(ctx context.Context) (_ string, err error) {
-	var v []string
-	if v, err = dtgb.Strings(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{devicetoken.Label}
-	default:
-		err = fmt.Errorf("db: DeviceTokenGroupBy.Strings returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// StringX is like String, but panics if an error occurs.
-func (dtgb *DeviceTokenGroupBy) StringX(ctx context.Context) string {
-	v, err := dtgb.String(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Ints returns list of ints from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (dtgb *DeviceTokenGroupBy) Ints(ctx context.Context) ([]int, error) {
-	if len(dtgb.fields) > 1 {
-		return nil, errors.New("db: DeviceTokenGroupBy.Ints is not achievable when grouping more than 1 field")
-	}
-	var v []int
-	if err := dtgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// IntsX is like Ints, but panics if an error occurs.
-func (dtgb *DeviceTokenGroupBy) IntsX(ctx context.Context) []int {
-	v, err := dtgb.Ints(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Int returns a single int from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (dtgb *DeviceTokenGroupBy) Int(ctx context.Context) (_ int, err error) {
-	var v []int
-	if v, err = dtgb.Ints(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{devicetoken.Label}
-	default:
-		err = fmt.Errorf("db: DeviceTokenGroupBy.Ints returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// IntX is like Int, but panics if an error occurs.
-func (dtgb *DeviceTokenGroupBy) IntX(ctx context.Context) int {
-	v, err := dtgb.Int(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64s returns list of float64s from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (dtgb *DeviceTokenGroupBy) Float64s(ctx context.Context) ([]float64, error) {
-	if len(dtgb.fields) > 1 {
-		return nil, errors.New("db: DeviceTokenGroupBy.Float64s is not achievable when grouping more than 1 field")
-	}
-	var v []float64
-	if err := dtgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// Float64sX is like Float64s, but panics if an error occurs.
-func (dtgb *DeviceTokenGroupBy) Float64sX(ctx context.Context) []float64 {
-	v, err := dtgb.Float64s(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64 returns a single float64 from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (dtgb *DeviceTokenGroupBy) Float64(ctx context.Context) (_ float64, err error) {
-	var v []float64
-	if v, err = dtgb.Float64s(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{devicetoken.Label}
-	default:
-		err = fmt.Errorf("db: DeviceTokenGroupBy.Float64s returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// Float64X is like Float64, but panics if an error occurs.
-func (dtgb *DeviceTokenGroupBy) Float64X(ctx context.Context) float64 {
-	v, err := dtgb.Float64(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bools returns list of bools from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (dtgb *DeviceTokenGroupBy) Bools(ctx context.Context) ([]bool, error) {
-	if len(dtgb.fields) > 1 {
-		return nil, errors.New("db: DeviceTokenGroupBy.Bools is not achievable when grouping more than 1 field")
-	}
-	var v []bool
-	if err := dtgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// BoolsX is like Bools, but panics if an error occurs.
-func (dtgb *DeviceTokenGroupBy) BoolsX(ctx context.Context) []bool {
-	v, err := dtgb.Bools(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bool returns a single bool from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (dtgb *DeviceTokenGroupBy) Bool(ctx context.Context) (_ bool, err error) {
-	var v []bool
-	if v, err = dtgb.Bools(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{devicetoken.Label}
-	default:
-		err = fmt.Errorf("db: DeviceTokenGroupBy.Bools returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// BoolX is like Bool, but panics if an error occurs.
-func (dtgb *DeviceTokenGroupBy) BoolX(ctx context.Context) bool {
-	v, err := dtgb.Bool(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
 func (dtgb *DeviceTokenGroupBy) sqlScan(ctx context.Context, v interface{}) error {
 	for _, f := range dtgb.fields {
 		if !devicetoken.ValidColumn(f) {
@ -702,6 +503,7 @@ func (dtgb *DeviceTokenGroupBy) sqlQuery() *sql.Selector {
 // DeviceTokenSelect is the builder for selecting fields of DeviceToken entities.
 type DeviceTokenSelect struct {
 	*DeviceTokenQuery
+	selector
 	// intermediate query (i.e. traversal path).
 	sql *sql.Selector
 }
@ -715,201 +517,6 @@ func (dts *DeviceTokenSelect) Scan(ctx context.Context, v interface{}) error {
 	return dts.sqlScan(ctx, v)
 }

-// ScanX is like Scan, but panics if an error occurs.
-func (dts *DeviceTokenSelect) ScanX(ctx context.Context, v interface{}) {
-	if err := dts.Scan(ctx, v); err != nil {
-		panic(err)
-	}
-}
-
-// Strings returns list of strings from a selector. It is only allowed when selecting one field.
-func (dts *DeviceTokenSelect) Strings(ctx context.Context) ([]string, error) {
-	if len(dts.fields) > 1 {
-		return nil, errors.New("db: DeviceTokenSelect.Strings is not achievable when selecting more than 1 field")
-	}
-	var v []string
-	if err := dts.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// StringsX is like Strings, but panics if an error occurs.
-func (dts *DeviceTokenSelect) StringsX(ctx context.Context) []string {
-	v, err := dts.Strings(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// String returns a single string from a selector. It is only allowed when selecting one field.
-func (dts *DeviceTokenSelect) String(ctx context.Context) (_ string, err error) {
-	var v []string
-	if v, err = dts.Strings(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{devicetoken.Label}
-	default:
-		err = fmt.Errorf("db: DeviceTokenSelect.Strings returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// StringX is like String, but panics if an error occurs.
-func (dts *DeviceTokenSelect) StringX(ctx context.Context) string {
-	v, err := dts.String(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Ints returns list of ints from a selector. It is only allowed when selecting one field.
-func (dts *DeviceTokenSelect) Ints(ctx context.Context) ([]int, error) {
-	if len(dts.fields) > 1 {
-		return nil, errors.New("db: DeviceTokenSelect.Ints is not achievable when selecting more than 1 field")
-	}
-	var v []int
-	if err := dts.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// IntsX is like Ints, but panics if an error occurs.
-func (dts *DeviceTokenSelect) IntsX(ctx context.Context) []int {
-	v, err := dts.Ints(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Int returns a single int from a selector. It is only allowed when selecting one field.
-func (dts *DeviceTokenSelect) Int(ctx context.Context) (_ int, err error) {
-	var v []int
-	if v, err = dts.Ints(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{devicetoken.Label}
-	default:
-		err = fmt.Errorf("db: DeviceTokenSelect.Ints returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// IntX is like Int, but panics if an error occurs.
-func (dts *DeviceTokenSelect) IntX(ctx context.Context) int {
-	v, err := dts.Int(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64s returns list of float64s from a selector. It is only allowed when selecting one field.
-func (dts *DeviceTokenSelect) Float64s(ctx context.Context) ([]float64, error) {
-	if len(dts.fields) > 1 {
-		return nil, errors.New("db: DeviceTokenSelect.Float64s is not achievable when selecting more than 1 field")
-	}
-	var v []float64
-	if err := dts.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// Float64sX is like Float64s, but panics if an error occurs.
-func (dts *DeviceTokenSelect) Float64sX(ctx context.Context) []float64 {
-	v, err := dts.Float64s(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64 returns a single float64 from a selector. It is only allowed when selecting one field.
-func (dts *DeviceTokenSelect) Float64(ctx context.Context) (_ float64, err error) {
-	var v []float64
-	if v, err = dts.Float64s(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{devicetoken.Label}
-	default:
-		err = fmt.Errorf("db: DeviceTokenSelect.Float64s returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// Float64X is like Float64, but panics if an error occurs.
-func (dts *DeviceTokenSelect) Float64X(ctx context.Context) float64 {
-	v, err := dts.Float64(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bools returns list of bools from a selector. It is only allowed when selecting one field.
-func (dts *DeviceTokenSelect) Bools(ctx context.Context) ([]bool, error) {
-	if len(dts.fields) > 1 {
-		return nil, errors.New("db: DeviceTokenSelect.Bools is not achievable when selecting more than 1 field")
-	}
-	var v []bool
-	if err := dts.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// BoolsX is like Bools, but panics if an error occurs.
-func (dts *DeviceTokenSelect) BoolsX(ctx context.Context) []bool {
-	v, err := dts.Bools(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bool returns a single bool from a selector. It is only allowed when selecting one field.
-func (dts *DeviceTokenSelect) Bool(ctx context.Context) (_ bool, err error) {
-	var v []bool
-	if v, err = dts.Bools(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{devicetoken.Label}
-	default:
-		err = fmt.Errorf("db: DeviceTokenSelect.Bools returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// BoolX is like Bool, but panics if an error occurs.
-func (dts *DeviceTokenSelect) BoolX(ctx context.Context) bool {
-	v, err := dts.Bool(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
 func (dts *DeviceTokenSelect) sqlScan(ctx context.Context, v interface{}) error {
 	rows := &sql.Rows{}
 	query, args := dts.sql.Query()
--- a/storage/ent/db/devicetoken_update.go
+++ b/storage/ent/db/devicetoken_update.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -276,7 +276,7 @@ func (dtu *DeviceTokenUpdate) sqlSave(ctx context.Context) (n int, err error) {
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{devicetoken.Label}
 		} else if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return 0, err
 	}
@ -411,9 +411,15 @@ func (dtuo *DeviceTokenUpdateOne) Save(ctx context.Context) (*DeviceToken, error
 			}
 			mut = dtuo.hooks[i](mut)
 		}
-		if _, err := mut.Mutate(ctx, dtuo.mutation); err != nil {
+		v, err := mut.Mutate(ctx, dtuo.mutation)
+		if err != nil {
 			return nil, err
 		}
+		nv, ok := v.(*DeviceToken)
+		if !ok {
+			return nil, fmt.Errorf("unexpected node type %T returned from DeviceTokenMutation", v)
+		}
+		node = nv
 	}
 	return node, err
 }
@ -566,7 +572,7 @@ func (dtuo *DeviceTokenUpdateOne) sqlSave(ctx context.Context) (_node *DeviceTok
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{devicetoken.Label}
 		} else if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return nil, err
 	}
--- a/storage/ent/db/ent.go
+++ b/storage/ent/db/ent.go
@ -1,13 +1,15 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

 import (
+	"context"
 	"errors"
 	"fmt"

 	"entgo.io/ent"
 	"entgo.io/ent/dialect/sql"
+	"entgo.io/ent/dialect/sql/sqlgraph"
 	"github.com/dexidp/dex/storage/ent/db/authcode"
 	"github.com/dexidp/dex/storage/ent/db/authrequest"
 	"github.com/dexidp/dex/storage/ent/db/connector"
@ -275,3 +277,208 @@ func IsConstraintError(err error) bool {
 	var e *ConstraintError
 	return errors.As(err, &e)
 }
+
+// selector embedded by the different Select/GroupBy builders.
+type selector struct {
+	label string
+	flds  *[]string
+	scan  func(context.Context, interface{}) error
+}
+
+// ScanX is like Scan, but panics if an error occurs.
+func (s *selector) ScanX(ctx context.Context, v interface{}) {
+	if err := s.scan(ctx, v); err != nil {
+		panic(err)
+	}
+}
+
+// Strings returns list of strings from a selector. It is only allowed when selecting one field.
+func (s *selector) Strings(ctx context.Context) ([]string, error) {
+	if len(*s.flds) > 1 {
+		return nil, errors.New("db: Strings is not achievable when selecting more than 1 field")
+	}
+	var v []string
+	if err := s.scan(ctx, &v); err != nil {
+		return nil, err
+	}
+	return v, nil
+}
+
+// StringsX is like Strings, but panics if an error occurs.
+func (s *selector) StringsX(ctx context.Context) []string {
+	v, err := s.Strings(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return v
+}
+
+// String returns a single string from a selector. It is only allowed when selecting one field.
+func (s *selector) String(ctx context.Context) (_ string, err error) {
+	var v []string
+	if v, err = s.Strings(ctx); err != nil {
+		return
+	}
+	switch len(v) {
+	case 1:
+		return v[0], nil
+	case 0:
+		err = &NotFoundError{s.label}
+	default:
+		err = fmt.Errorf("db: Strings returned %d results when one was expected", len(v))
+	}
+	return
+}
+
+// StringX is like String, but panics if an error occurs.
+func (s *selector) StringX(ctx context.Context) string {
+	v, err := s.String(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return v
+}
+
+// Ints returns list of ints from a selector. It is only allowed when selecting one field.
+func (s *selector) Ints(ctx context.Context) ([]int, error) {
+	if len(*s.flds) > 1 {
+		return nil, errors.New("db: Ints is not achievable when selecting more than 1 field")
+	}
+	var v []int
+	if err := s.scan(ctx, &v); err != nil {
+		return nil, err
+	}
+	return v, nil
+}
+
+// IntsX is like Ints, but panics if an error occurs.
+func (s *selector) IntsX(ctx context.Context) []int {
+	v, err := s.Ints(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return v
+}
+
+// Int returns a single int from a selector. It is only allowed when selecting one field.
+func (s *selector) Int(ctx context.Context) (_ int, err error) {
+	var v []int
+	if v, err = s.Ints(ctx); err != nil {
+		return
+	}
+	switch len(v) {
+	case 1:
+		return v[0], nil
+	case 0:
+		err = &NotFoundError{s.label}
+	default:
+		err = fmt.Errorf("db: Ints returned %d results when one was expected", len(v))
+	}
+	return
+}
+
+// IntX is like Int, but panics if an error occurs.
+func (s *selector) IntX(ctx context.Context) int {
+	v, err := s.Int(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return v
+}
+
+// Float64s returns list of float64s from a selector. It is only allowed when selecting one field.
+func (s *selector) Float64s(ctx context.Context) ([]float64, error) {
+	if len(*s.flds) > 1 {
+		return nil, errors.New("db: Float64s is not achievable when selecting more than 1 field")
+	}
+	var v []float64
+	if err := s.scan(ctx, &v); err != nil {
+		return nil, err
+	}
+	return v, nil
+}
+
+// Float64sX is like Float64s, but panics if an error occurs.
+func (s *selector) Float64sX(ctx context.Context) []float64 {
+	v, err := s.Float64s(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return v
+}
+
+// Float64 returns a single float64 from a selector. It is only allowed when selecting one field.
+func (s *selector) Float64(ctx context.Context) (_ float64, err error) {
+	var v []float64
+	if v, err = s.Float64s(ctx); err != nil {
+		return
+	}
+	switch len(v) {
+	case 1:
+		return v[0], nil
+	case 0:
+		err = &NotFoundError{s.label}
+	default:
+		err = fmt.Errorf("db: Float64s returned %d results when one was expected", len(v))
+	}
+	return
+}
+
+// Float64X is like Float64, but panics if an error occurs.
+func (s *selector) Float64X(ctx context.Context) float64 {
+	v, err := s.Float64(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return v
+}
+
+// Bools returns list of bools from a selector. It is only allowed when selecting one field.
+func (s *selector) Bools(ctx context.Context) ([]bool, error) {
+	if len(*s.flds) > 1 {
+		return nil, errors.New("db: Bools is not achievable when selecting more than 1 field")
+	}
+	var v []bool
+	if err := s.scan(ctx, &v); err != nil {
+		return nil, err
+	}
+	return v, nil
+}
+
+// BoolsX is like Bools, but panics if an error occurs.
+func (s *selector) BoolsX(ctx context.Context) []bool {
+	v, err := s.Bools(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return v
+}
+
+// Bool returns a single bool from a selector. It is only allowed when selecting one field.
+func (s *selector) Bool(ctx context.Context) (_ bool, err error) {
+	var v []bool
+	if v, err = s.Bools(ctx); err != nil {
+		return
+	}
+	switch len(v) {
+	case 1:
+		return v[0], nil
+	case 0:
+		err = &NotFoundError{s.label}
+	default:
+		err = fmt.Errorf("db: Bools returned %d results when one was expected", len(v))
+	}
+	return
+}
+
+// BoolX is like Bool, but panics if an error occurs.
+func (s *selector) BoolX(ctx context.Context) bool {
+	v, err := s.Bool(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return v
+}
+
+// queryHook describes an internal hook for the different sqlAll methods.
+type queryHook func(context.Context, *sqlgraph.QuerySpec)
--- a/storage/ent/db/enttest/enttest.go
+++ b/storage/ent/db/enttest/enttest.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package enttest

@ -10,6 +10,7 @@ import (
 	_ "github.com/dexidp/dex/storage/ent/db/runtime"

 	"entgo.io/ent/dialect/sql/schema"
+	"github.com/dexidp/dex/storage/ent/db/migrate"
 )

 type (
@ -59,10 +60,7 @@ func Open(t TestingT, driverName, dataSourceName string, opts ...Option) *db.Cli
 		t.Error(err)
 		t.FailNow()
 	}
-	if err := c.Schema.Create(context.Background(), o.migrateOpts...); err != nil {
-		t.Error(err)
-		t.FailNow()
-	}
+	migrateSchema(t, c, o)
 	return c
 }

@ -70,9 +68,17 @@ func Open(t TestingT, driverName, dataSourceName string, opts ...Option) *db.Cli
 func NewClient(t TestingT, opts ...Option) *db.Client {
 	o := newOptions(opts)
 	c := db.NewClient(o.opts...)
-	if err := c.Schema.Create(context.Background(), o.migrateOpts...); err != nil {
+	migrateSchema(t, c, o)
+	return c
+}
+func migrateSchema(t TestingT, c *db.Client, o *options) {
+	tables, err := schema.CopyTables(migrate.Tables)
+	if err != nil {
+		t.Error(err)
+		t.FailNow()
+	}
+	if err := migrate.Create(context.Background(), c.Schema, tables, o.migrateOpts...); err != nil {
 		t.Error(err)
 		t.FailNow()
 	}
-	return c
 }
--- a/storage/ent/db/hook/hook.go
+++ b/storage/ent/db/hook/hook.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package hook

--- a/storage/ent/db/keys.go
+++ b/storage/ent/db/keys.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -11,7 +11,7 @@ import (
 	"entgo.io/ent/dialect/sql"
 	"github.com/dexidp/dex/storage"
 	"github.com/dexidp/dex/storage/ent/db/keys"
-	"gopkg.in/square/go-jose.v2"
+	jose "gopkg.in/square/go-jose.v2"
 )

 // Keys is the model entity for the Keys schema.
@ -106,11 +106,11 @@ func (k *Keys) Update() *KeysUpdateOne {
 // Unwrap unwraps the Keys entity that was returned from a transaction after it was closed,
 // so that all future queries will be executed through the driver which created the transaction.
 func (k *Keys) Unwrap() *Keys {
-	tx, ok := k.config.driver.(*txDriver)
+	_tx, ok := k.config.driver.(*txDriver)
 	if !ok {
 		panic("db: Keys is not a transactional entity")
 	}
-	k.config.driver = tx.drv
+	k.config.driver = _tx.drv
 	return k
 }

@ -118,14 +118,17 @@ func (k *Keys) Unwrap() *Keys {
 func (k *Keys) String() string {
 	var builder strings.Builder
 	builder.WriteString("Keys(")
-	builder.WriteString(fmt.Sprintf("id=%v", k.ID))
-	builder.WriteString(", verification_keys=")
+	builder.WriteString(fmt.Sprintf("id=%v, ", k.ID))
+	builder.WriteString("verification_keys=")
 	builder.WriteString(fmt.Sprintf("%v", k.VerificationKeys))
-	builder.WriteString(", signing_key=")
+	builder.WriteString(", ")
+	builder.WriteString("signing_key=")
 	builder.WriteString(fmt.Sprintf("%v", k.SigningKey))
-	builder.WriteString(", signing_key_pub=")
+	builder.WriteString(", ")
+	builder.WriteString("signing_key_pub=")
 	builder.WriteString(fmt.Sprintf("%v", k.SigningKeyPub))
-	builder.WriteString(", next_rotation=")
+	builder.WriteString(", ")
+	builder.WriteString("next_rotation=")
 	builder.WriteString(k.NextRotation.Format(time.ANSIC))
 	builder.WriteByte(')')
 	return builder.String()
--- a/storage/ent/db/keys/keys.go
+++ b/storage/ent/db/keys/keys.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package keys

--- a/storage/ent/db/keys/where.go
+++ b/storage/ent/db/keys/where.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package keys

@ -33,12 +33,6 @@ func IDNEQ(id string) predicate.Keys {
 // IDIn applies the In predicate on the ID field.
 func IDIn(ids ...string) predicate.Keys {
 	return predicate.Keys(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(ids) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		v := make([]interface{}, len(ids))
 		for i := range v {
 			v[i] = ids[i]
@ -50,12 +44,6 @@ func IDIn(ids ...string) predicate.Keys {
 // IDNotIn applies the NotIn predicate on the ID field.
 func IDNotIn(ids ...string) predicate.Keys {
 	return predicate.Keys(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(ids) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		v := make([]interface{}, len(ids))
 		for i := range v {
 			v[i] = ids[i]
@ -120,12 +108,6 @@ func NextRotationIn(vs ...time.Time) predicate.Keys {
 		v[i] = vs[i]
 	}
 	return predicate.Keys(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldNextRotation), v...))
 	})
 }
@ -137,12 +119,6 @@ func NextRotationNotIn(vs ...time.Time) predicate.Keys {
 		v[i] = vs[i]
 	}
 	return predicate.Keys(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldNextRotation), v...))
 	})
 }
--- a/storage/ent/db/keys_create.go
+++ b/storage/ent/db/keys_create.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -12,7 +12,7 @@ import (
 	"entgo.io/ent/schema/field"
 	"github.com/dexidp/dex/storage"
 	"github.com/dexidp/dex/storage/ent/db/keys"
-	"gopkg.in/square/go-jose.v2"
+	jose "gopkg.in/square/go-jose.v2"
 )

 // KeysCreate is the builder for creating a Keys entity.
@ -91,9 +91,15 @@ func (kc *KeysCreate) Save(ctx context.Context) (*Keys, error) {
 			}
 			mut = kc.hooks[i](mut)
 		}
-		if _, err := mut.Mutate(ctx, kc.mutation); err != nil {
+		v, err := mut.Mutate(ctx, kc.mutation)
+		if err != nil {
 			return nil, err
 		}
+		nv, ok := v.(*Keys)
+		if !ok {
+			return nil, fmt.Errorf("unexpected node type %T returned from KeysMutation", v)
+		}
+		node = nv
 	}
 	return node, err
 }
@ -146,7 +152,7 @@ func (kc *KeysCreate) sqlSave(ctx context.Context) (*Keys, error) {
 	_node, _spec := kc.createSpec()
 	if err := sqlgraph.CreateNode(ctx, kc.driver, _spec); err != nil {
 		if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return nil, err
 	}
@ -242,7 +248,7 @@ func (kcb *KeysCreateBulk) Save(ctx context.Context) ([]*Keys, error) {
 					// Invoke the actual operation on the latest mutation in the chain.
 					if err = sqlgraph.BatchCreate(ctx, kcb.driver, spec); err != nil {
 						if sqlgraph.IsConstraintError(err) {
-							err = &ConstraintError{err.Error(), err}
+							err = &ConstraintError{msg: err.Error(), wrap: err}
 						}
 					}
 				}
--- a/storage/ent/db/keys_delete.go
+++ b/storage/ent/db/keys_delete.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -84,7 +84,11 @@ func (kd *KeysDelete) sqlExec(ctx context.Context) (int, error) {
 			}
 		}
 	}
-	return sqlgraph.DeleteNodes(ctx, kd.driver, _spec)
+	affected, err := sqlgraph.DeleteNodes(ctx, kd.driver, _spec)
+	if err != nil && sqlgraph.IsConstraintError(err) {
+		err = &ConstraintError{msg: err.Error(), wrap: err}
+	}
+	return affected, err
 }

 // KeysDeleteOne is the builder for deleting a single Keys entity.
--- a/storage/ent/db/keys_query.go
+++ b/storage/ent/db/keys_query.go
@ -1,10 +1,9 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

 import (
 	"context"
-	"errors"
 	"fmt"
 	"math"

@ -264,15 +263,17 @@ func (kq *KeysQuery) Clone() *KeysQuery {
 //		Scan(ctx, &v)
 //
 func (kq *KeysQuery) GroupBy(field string, fields ...string) *KeysGroupBy {
-	group := &KeysGroupBy{config: kq.config}
-	group.fields = append([]string{field}, fields...)
-	group.path = func(ctx context.Context) (prev *sql.Selector, err error) {
+	grbuild := &KeysGroupBy{config: kq.config}
+	grbuild.fields = append([]string{field}, fields...)
+	grbuild.path = func(ctx context.Context) (prev *sql.Selector, err error) {
 		if err := kq.prepareQuery(ctx); err != nil {
 			return nil, err
 		}
 		return kq.sqlQuery(ctx), nil
 	}
-	return group
+	grbuild.label = keys.Label
+	grbuild.flds, grbuild.scan = &grbuild.fields, grbuild.Scan
+	return grbuild
 }

 // Select allows the selection one or more fields/columns for the given query,
@ -290,7 +291,10 @@ func (kq *KeysQuery) GroupBy(field string, fields ...string) *KeysGroupBy {
 //
 func (kq *KeysQuery) Select(fields ...string) *KeysSelect {
 	kq.fields = append(kq.fields, fields...)
-	return &KeysSelect{KeysQuery: kq}
+	selbuild := &KeysSelect{KeysQuery: kq}
+	selbuild.label = keys.Label
+	selbuild.flds, selbuild.scan = &kq.fields, selbuild.Scan
+	return selbuild
 }

 func (kq *KeysQuery) prepareQuery(ctx context.Context) error {
@ -309,23 +313,22 @@ func (kq *KeysQuery) prepareQuery(ctx context.Context) error {
 	return nil
 }

-func (kq *KeysQuery) sqlAll(ctx context.Context) ([]*Keys, error) {
+func (kq *KeysQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*Keys, error) {
 	var (
 		nodes = []*Keys{}
 		_spec = kq.querySpec()
 	)
 	_spec.ScanValues = func(columns []string) ([]interface{}, error) {
-		node := &Keys{config: kq.config}
-		nodes = append(nodes, node)
-		return node.scanValues(columns)
+		return (*Keys).scanValues(nil, columns)
 	}
 	_spec.Assign = func(columns []string, values []interface{}) error {
-		if len(nodes) == 0 {
-			return fmt.Errorf("db: Assign called without calling ScanValues")
-		}
-		node := nodes[len(nodes)-1]
+		node := &Keys{config: kq.config}
+		nodes = append(nodes, node)
 		return node.assignValues(columns, values)
 	}
+	for i := range hooks {
+		hooks[i](ctx, _spec)
+	}
 	if err := sqlgraph.QueryNodes(ctx, kq.driver, _spec); err != nil {
 		return nil, err
 	}
@ -435,6 +438,7 @@ func (kq *KeysQuery) sqlQuery(ctx context.Context) *sql.Selector {
 // KeysGroupBy is the group-by builder for Keys entities.
 type KeysGroupBy struct {
 	config
+	selector
 	fields []string
 	fns    []AggregateFunc
 	// intermediate query (i.e. traversal path).
@ -458,209 +462,6 @@ func (kgb *KeysGroupBy) Scan(ctx context.Context, v interface{}) error {
 	return kgb.sqlScan(ctx, v)
 }

-// ScanX is like Scan, but panics if an error occurs.
-func (kgb *KeysGroupBy) ScanX(ctx context.Context, v interface{}) {
-	if err := kgb.Scan(ctx, v); err != nil {
-		panic(err)
-	}
-}
-
-// Strings returns list of strings from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (kgb *KeysGroupBy) Strings(ctx context.Context) ([]string, error) {
-	if len(kgb.fields) > 1 {
-		return nil, errors.New("db: KeysGroupBy.Strings is not achievable when grouping more than 1 field")
-	}
-	var v []string
-	if err := kgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// StringsX is like Strings, but panics if an error occurs.
-func (kgb *KeysGroupBy) StringsX(ctx context.Context) []string {
-	v, err := kgb.Strings(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// String returns a single string from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (kgb *KeysGroupBy) String(ctx context.Context) (_ string, err error) {
-	var v []string
-	if v, err = kgb.Strings(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{keys.Label}
-	default:
-		err = fmt.Errorf("db: KeysGroupBy.Strings returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// StringX is like String, but panics if an error occurs.
-func (kgb *KeysGroupBy) StringX(ctx context.Context) string {
-	v, err := kgb.String(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Ints returns list of ints from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (kgb *KeysGroupBy) Ints(ctx context.Context) ([]int, error) {
-	if len(kgb.fields) > 1 {
-		return nil, errors.New("db: KeysGroupBy.Ints is not achievable when grouping more than 1 field")
-	}
-	var v []int
-	if err := kgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// IntsX is like Ints, but panics if an error occurs.
-func (kgb *KeysGroupBy) IntsX(ctx context.Context) []int {
-	v, err := kgb.Ints(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Int returns a single int from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (kgb *KeysGroupBy) Int(ctx context.Context) (_ int, err error) {
-	var v []int
-	if v, err = kgb.Ints(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{keys.Label}
-	default:
-		err = fmt.Errorf("db: KeysGroupBy.Ints returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// IntX is like Int, but panics if an error occurs.
-func (kgb *KeysGroupBy) IntX(ctx context.Context) int {
-	v, err := kgb.Int(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64s returns list of float64s from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (kgb *KeysGroupBy) Float64s(ctx context.Context) ([]float64, error) {
-	if len(kgb.fields) > 1 {
-		return nil, errors.New("db: KeysGroupBy.Float64s is not achievable when grouping more than 1 field")
-	}
-	var v []float64
-	if err := kgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// Float64sX is like Float64s, but panics if an error occurs.
-func (kgb *KeysGroupBy) Float64sX(ctx context.Context) []float64 {
-	v, err := kgb.Float64s(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64 returns a single float64 from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (kgb *KeysGroupBy) Float64(ctx context.Context) (_ float64, err error) {
-	var v []float64
-	if v, err = kgb.Float64s(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{keys.Label}
-	default:
-		err = fmt.Errorf("db: KeysGroupBy.Float64s returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// Float64X is like Float64, but panics if an error occurs.
-func (kgb *KeysGroupBy) Float64X(ctx context.Context) float64 {
-	v, err := kgb.Float64(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bools returns list of bools from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (kgb *KeysGroupBy) Bools(ctx context.Context) ([]bool, error) {
-	if len(kgb.fields) > 1 {
-		return nil, errors.New("db: KeysGroupBy.Bools is not achievable when grouping more than 1 field")
-	}
-	var v []bool
-	if err := kgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// BoolsX is like Bools, but panics if an error occurs.
-func (kgb *KeysGroupBy) BoolsX(ctx context.Context) []bool {
-	v, err := kgb.Bools(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bool returns a single bool from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (kgb *KeysGroupBy) Bool(ctx context.Context) (_ bool, err error) {
-	var v []bool
-	if v, err = kgb.Bools(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{keys.Label}
-	default:
-		err = fmt.Errorf("db: KeysGroupBy.Bools returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// BoolX is like Bool, but panics if an error occurs.
-func (kgb *KeysGroupBy) BoolX(ctx context.Context) bool {
-	v, err := kgb.Bool(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
 func (kgb *KeysGroupBy) sqlScan(ctx context.Context, v interface{}) error {
 	for _, f := range kgb.fields {
 		if !keys.ValidColumn(f) {
@ -702,6 +503,7 @@ func (kgb *KeysGroupBy) sqlQuery() *sql.Selector {
 // KeysSelect is the builder for selecting fields of Keys entities.
 type KeysSelect struct {
 	*KeysQuery
+	selector
 	// intermediate query (i.e. traversal path).
 	sql *sql.Selector
 }
@ -715,201 +517,6 @@ func (ks *KeysSelect) Scan(ctx context.Context, v interface{}) error {
 	return ks.sqlScan(ctx, v)
 }

-// ScanX is like Scan, but panics if an error occurs.
-func (ks *KeysSelect) ScanX(ctx context.Context, v interface{}) {
-	if err := ks.Scan(ctx, v); err != nil {
-		panic(err)
-	}
-}
-
-// Strings returns list of strings from a selector. It is only allowed when selecting one field.
-func (ks *KeysSelect) Strings(ctx context.Context) ([]string, error) {
-	if len(ks.fields) > 1 {
-		return nil, errors.New("db: KeysSelect.Strings is not achievable when selecting more than 1 field")
-	}
-	var v []string
-	if err := ks.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// StringsX is like Strings, but panics if an error occurs.
-func (ks *KeysSelect) StringsX(ctx context.Context) []string {
-	v, err := ks.Strings(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// String returns a single string from a selector. It is only allowed when selecting one field.
-func (ks *KeysSelect) String(ctx context.Context) (_ string, err error) {
-	var v []string
-	if v, err = ks.Strings(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{keys.Label}
-	default:
-		err = fmt.Errorf("db: KeysSelect.Strings returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// StringX is like String, but panics if an error occurs.
-func (ks *KeysSelect) StringX(ctx context.Context) string {
-	v, err := ks.String(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Ints returns list of ints from a selector. It is only allowed when selecting one field.
-func (ks *KeysSelect) Ints(ctx context.Context) ([]int, error) {
-	if len(ks.fields) > 1 {
-		return nil, errors.New("db: KeysSelect.Ints is not achievable when selecting more than 1 field")
-	}
-	var v []int
-	if err := ks.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// IntsX is like Ints, but panics if an error occurs.
-func (ks *KeysSelect) IntsX(ctx context.Context) []int {
-	v, err := ks.Ints(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Int returns a single int from a selector. It is only allowed when selecting one field.
-func (ks *KeysSelect) Int(ctx context.Context) (_ int, err error) {
-	var v []int
-	if v, err = ks.Ints(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{keys.Label}
-	default:
-		err = fmt.Errorf("db: KeysSelect.Ints returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// IntX is like Int, but panics if an error occurs.
-func (ks *KeysSelect) IntX(ctx context.Context) int {
-	v, err := ks.Int(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64s returns list of float64s from a selector. It is only allowed when selecting one field.
-func (ks *KeysSelect) Float64s(ctx context.Context) ([]float64, error) {
-	if len(ks.fields) > 1 {
-		return nil, errors.New("db: KeysSelect.Float64s is not achievable when selecting more than 1 field")
-	}
-	var v []float64
-	if err := ks.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// Float64sX is like Float64s, but panics if an error occurs.
-func (ks *KeysSelect) Float64sX(ctx context.Context) []float64 {
-	v, err := ks.Float64s(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64 returns a single float64 from a selector. It is only allowed when selecting one field.
-func (ks *KeysSelect) Float64(ctx context.Context) (_ float64, err error) {
-	var v []float64
-	if v, err = ks.Float64s(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{keys.Label}
-	default:
-		err = fmt.Errorf("db: KeysSelect.Float64s returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// Float64X is like Float64, but panics if an error occurs.
-func (ks *KeysSelect) Float64X(ctx context.Context) float64 {
-	v, err := ks.Float64(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bools returns list of bools from a selector. It is only allowed when selecting one field.
-func (ks *KeysSelect) Bools(ctx context.Context) ([]bool, error) {
-	if len(ks.fields) > 1 {
-		return nil, errors.New("db: KeysSelect.Bools is not achievable when selecting more than 1 field")
-	}
-	var v []bool
-	if err := ks.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// BoolsX is like Bools, but panics if an error occurs.
-func (ks *KeysSelect) BoolsX(ctx context.Context) []bool {
-	v, err := ks.Bools(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bool returns a single bool from a selector. It is only allowed when selecting one field.
-func (ks *KeysSelect) Bool(ctx context.Context) (_ bool, err error) {
-	var v []bool
-	if v, err = ks.Bools(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{keys.Label}
-	default:
-		err = fmt.Errorf("db: KeysSelect.Bools returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// BoolX is like Bool, but panics if an error occurs.
-func (ks *KeysSelect) BoolX(ctx context.Context) bool {
-	v, err := ks.Bool(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
 func (ks *KeysSelect) sqlScan(ctx context.Context, v interface{}) error {
 	rows := &sql.Rows{}
 	query, args := ks.sql.Query()
--- a/storage/ent/db/keys_update.go
+++ b/storage/ent/db/keys_update.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -14,7 +14,7 @@ import (
 	"github.com/dexidp/dex/storage"
 	"github.com/dexidp/dex/storage/ent/db/keys"
 	"github.com/dexidp/dex/storage/ent/db/predicate"
-	"gopkg.in/square/go-jose.v2"
+	jose "gopkg.in/square/go-jose.v2"
 )

 // KeysUpdate is the builder for updating Keys entities.
@ -163,7 +163,7 @@ func (ku *KeysUpdate) sqlSave(ctx context.Context) (n int, err error) {
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{keys.Label}
 		} else if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return 0, err
 	}
@ -239,9 +239,15 @@ func (kuo *KeysUpdateOne) Save(ctx context.Context) (*Keys, error) {
 			}
 			mut = kuo.hooks[i](mut)
 		}
-		if _, err := mut.Mutate(ctx, kuo.mutation); err != nil {
+		v, err := mut.Mutate(ctx, kuo.mutation)
+		if err != nil {
 			return nil, err
 		}
+		nv, ok := v.(*Keys)
+		if !ok {
+			return nil, fmt.Errorf("unexpected node type %T returned from KeysMutation", v)
+		}
+		node = nv
 	}
 	return node, err
 }
@ -338,7 +344,7 @@ func (kuo *KeysUpdateOne) sqlSave(ctx context.Context) (_node *Keys, err error)
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{keys.Label}
 		} else if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return nil, err
 	}
--- a/storage/ent/db/migrate/migrate.go
+++ b/storage/ent/db/migrate/migrate.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package migrate

@ -28,9 +28,6 @@ var (
 	// and therefore, it's recommended to enable this option to get more
 	// flexibility in the schema changes.
 	WithDropIndex = schema.WithDropIndex
-	// WithFixture sets the foreign-key renaming option to the migration when upgrading
-	// ent from v0.1.0 (issue-#285). Defaults to false.
-	WithFixture = schema.WithFixture
 	// WithForeignKeys enables creating foreign-key in schema DDL. This defaults to true.
 	WithForeignKeys = schema.WithForeignKeys
 )
@ -45,11 +42,16 @@ func NewSchema(drv dialect.Driver) *Schema { return &Schema{drv: drv} }

 // Create creates all schema resources.
 func (s *Schema) Create(ctx context.Context, opts ...schema.MigrateOption) error {
+	return Create(ctx, s, Tables, opts...)
+}
+
+// Create creates all table resources using the given schema driver.
+func Create(ctx context.Context, s *Schema, tables []*schema.Table, opts ...schema.MigrateOption) error {
 	migrate, err := schema.NewMigrate(s.drv, opts...)
 	if err != nil {
 		return fmt.Errorf("ent/migrate: %w", err)
 	}
-	return migrate.Create(ctx, Tables...)
+	return migrate.Create(ctx, tables...)
 }

 // WriteTo writes the schema changes to w instead of running them against the database.
@ -59,13 +61,5 @@ func (s *Schema) Create(ctx context.Context, opts ...schema.MigrateOption) error
 // 	}
 //
 func (s *Schema) WriteTo(ctx context.Context, w io.Writer, opts ...schema.MigrateOption) error {
-	drv := &schema.WriteDriver{
-		Writer: w,
-		Driver: s.drv,
-	}
-	migrate, err := schema.NewMigrate(drv, opts...)
-	if err != nil {
-		return fmt.Errorf("ent/migrate: %w", err)
-	}
-	return migrate.Create(ctx, Tables...)
+	return Create(ctx, &Schema{drv: &schema.WriteDriver{Writer: w, Driver: s.drv}}, Tables, opts...)
 }
--- a/storage/ent/db/migrate/schema.go
+++ b/storage/ent/db/migrate/schema.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package migrate

--- a/storage/ent/db/mutation.go
+++ b/storage/ent/db/mutation.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -21,7 +21,7 @@ import (
 	"github.com/dexidp/dex/storage/ent/db/password"
 	"github.com/dexidp/dex/storage/ent/db/predicate"
 	"github.com/dexidp/dex/storage/ent/db/refreshtoken"
-	"gopkg.in/square/go-jose.v2"
+	jose "gopkg.in/square/go-jose.v2"

 	"entgo.io/ent"
 )
--- a/storage/ent/db/oauth2client.go
+++ b/storage/ent/db/oauth2client.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -117,11 +117,11 @@ func (o *OAuth2Client) Update() *OAuth2ClientUpdateOne {
 // Unwrap unwraps the OAuth2Client entity that was returned from a transaction after it was closed,
 // so that all future queries will be executed through the driver which created the transaction.
 func (o *OAuth2Client) Unwrap() *OAuth2Client {
-	tx, ok := o.config.driver.(*txDriver)
+	_tx, ok := o.config.driver.(*txDriver)
 	if !ok {
 		panic("db: OAuth2Client is not a transactional entity")
 	}
-	o.config.driver = tx.drv
+	o.config.driver = _tx.drv
 	return o
 }

@ -129,18 +129,23 @@ func (o *OAuth2Client) Unwrap() *OAuth2Client {
 func (o *OAuth2Client) String() string {
 	var builder strings.Builder
 	builder.WriteString("OAuth2Client(")
-	builder.WriteString(fmt.Sprintf("id=%v", o.ID))
-	builder.WriteString(", secret=")
+	builder.WriteString(fmt.Sprintf("id=%v, ", o.ID))
+	builder.WriteString("secret=")
 	builder.WriteString(o.Secret)
-	builder.WriteString(", redirect_uris=")
+	builder.WriteString(", ")
+	builder.WriteString("redirect_uris=")
 	builder.WriteString(fmt.Sprintf("%v", o.RedirectUris))
-	builder.WriteString(", trusted_peers=")
+	builder.WriteString(", ")
+	builder.WriteString("trusted_peers=")
 	builder.WriteString(fmt.Sprintf("%v", o.TrustedPeers))
-	builder.WriteString(", public=")
+	builder.WriteString(", ")
+	builder.WriteString("public=")
 	builder.WriteString(fmt.Sprintf("%v", o.Public))
-	builder.WriteString(", name=")
+	builder.WriteString(", ")
+	builder.WriteString("name=")
 	builder.WriteString(o.Name)
-	builder.WriteString(", logo_url=")
+	builder.WriteString(", ")
+	builder.WriteString("logo_url=")
 	builder.WriteString(o.LogoURL)
 	builder.WriteByte(')')
 	return builder.String()
--- a/storage/ent/db/oauth2client/oauth2client.go
+++ b/storage/ent/db/oauth2client/oauth2client.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package oauth2client

--- a/storage/ent/db/oauth2client/where.go
+++ b/storage/ent/db/oauth2client/where.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package oauth2client

@ -31,12 +31,6 @@ func IDNEQ(id string) predicate.OAuth2Client {
 // IDIn applies the In predicate on the ID field.
 func IDIn(ids ...string) predicate.OAuth2Client {
 	return predicate.OAuth2Client(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(ids) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		v := make([]interface{}, len(ids))
 		for i := range v {
 			v[i] = ids[i]
@ -48,12 +42,6 @@ func IDIn(ids ...string) predicate.OAuth2Client {
 // IDNotIn applies the NotIn predicate on the ID field.
 func IDNotIn(ids ...string) predicate.OAuth2Client {
 	return predicate.OAuth2Client(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(ids) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		v := make([]interface{}, len(ids))
 		for i := range v {
 			v[i] = ids[i]
@ -139,12 +127,6 @@ func SecretIn(vs ...string) predicate.OAuth2Client {
 		v[i] = vs[i]
 	}
 	return predicate.OAuth2Client(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldSecret), v...))
 	})
 }
@ -156,12 +138,6 @@ func SecretNotIn(vs ...string) predicate.OAuth2Client {
 		v[i] = vs[i]
 	}
 	return predicate.OAuth2Client(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldSecret), v...))
 	})
 }
@ -292,12 +268,6 @@ func NameIn(vs ...string) predicate.OAuth2Client {
 		v[i] = vs[i]
 	}
 	return predicate.OAuth2Client(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldName), v...))
 	})
 }
@ -309,12 +279,6 @@ func NameNotIn(vs ...string) predicate.OAuth2Client {
 		v[i] = vs[i]
 	}
 	return predicate.OAuth2Client(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldName), v...))
 	})
 }
@ -403,12 +367,6 @@ func LogoURLIn(vs ...string) predicate.OAuth2Client {
 		v[i] = vs[i]
 	}
 	return predicate.OAuth2Client(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldLogoURL), v...))
 	})
 }
@ -420,12 +378,6 @@ func LogoURLNotIn(vs ...string) predicate.OAuth2Client {
 		v[i] = vs[i]
 	}
 	return predicate.OAuth2Client(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldLogoURL), v...))
 	})
 }
--- a/storage/ent/db/oauth2client_create.go
+++ b/storage/ent/db/oauth2client_create.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -100,9 +100,15 @@ func (oc *OAuth2ClientCreate) Save(ctx context.Context) (*OAuth2Client, error) {
 			}
 			mut = oc.hooks[i](mut)
 		}
-		if _, err := mut.Mutate(ctx, oc.mutation); err != nil {
+		v, err := mut.Mutate(ctx, oc.mutation)
+		if err != nil {
 			return nil, err
 		}
+		nv, ok := v.(*OAuth2Client)
+		if !ok {
+			return nil, fmt.Errorf("unexpected node type %T returned from OAuth2ClientMutation", v)
+		}
+		node = nv
 	}
 	return node, err
 }
@ -170,7 +176,7 @@ func (oc *OAuth2ClientCreate) sqlSave(ctx context.Context) (*OAuth2Client, error
 	_node, _spec := oc.createSpec()
 	if err := sqlgraph.CreateNode(ctx, oc.driver, _spec); err != nil {
 		if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return nil, err
 	}
@ -282,7 +288,7 @@ func (ocb *OAuth2ClientCreateBulk) Save(ctx context.Context) ([]*OAuth2Client, e
 					// Invoke the actual operation on the latest mutation in the chain.
 					if err = sqlgraph.BatchCreate(ctx, ocb.driver, spec); err != nil {
 						if sqlgraph.IsConstraintError(err) {
-							err = &ConstraintError{err.Error(), err}
+							err = &ConstraintError{msg: err.Error(), wrap: err}
 						}
 					}
 				}
--- a/storage/ent/db/oauth2client_delete.go
+++ b/storage/ent/db/oauth2client_delete.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -84,7 +84,11 @@ func (od *OAuth2ClientDelete) sqlExec(ctx context.Context) (int, error) {
 			}
 		}
 	}
-	return sqlgraph.DeleteNodes(ctx, od.driver, _spec)
+	affected, err := sqlgraph.DeleteNodes(ctx, od.driver, _spec)
+	if err != nil && sqlgraph.IsConstraintError(err) {
+		err = &ConstraintError{msg: err.Error(), wrap: err}
+	}
+	return affected, err
 }

 // OAuth2ClientDeleteOne is the builder for deleting a single OAuth2Client entity.
--- a/storage/ent/db/oauth2client_query.go
+++ b/storage/ent/db/oauth2client_query.go
@ -1,10 +1,9 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

 import (
 	"context"
-	"errors"
 	"fmt"
 	"math"

@ -264,15 +263,17 @@ func (oq *OAuth2ClientQuery) Clone() *OAuth2ClientQuery {
 //		Scan(ctx, &v)
 //
 func (oq *OAuth2ClientQuery) GroupBy(field string, fields ...string) *OAuth2ClientGroupBy {
-	group := &OAuth2ClientGroupBy{config: oq.config}
-	group.fields = append([]string{field}, fields...)
-	group.path = func(ctx context.Context) (prev *sql.Selector, err error) {
+	grbuild := &OAuth2ClientGroupBy{config: oq.config}
+	grbuild.fields = append([]string{field}, fields...)
+	grbuild.path = func(ctx context.Context) (prev *sql.Selector, err error) {
 		if err := oq.prepareQuery(ctx); err != nil {
 			return nil, err
 		}
 		return oq.sqlQuery(ctx), nil
 	}
-	return group
+	grbuild.label = oauth2client.Label
+	grbuild.flds, grbuild.scan = &grbuild.fields, grbuild.Scan
+	return grbuild
 }

 // Select allows the selection one or more fields/columns for the given query,
@ -290,7 +291,10 @@ func (oq *OAuth2ClientQuery) GroupBy(field string, fields ...string) *OAuth2Clie
 //
 func (oq *OAuth2ClientQuery) Select(fields ...string) *OAuth2ClientSelect {
 	oq.fields = append(oq.fields, fields...)
-	return &OAuth2ClientSelect{OAuth2ClientQuery: oq}
+	selbuild := &OAuth2ClientSelect{OAuth2ClientQuery: oq}
+	selbuild.label = oauth2client.Label
+	selbuild.flds, selbuild.scan = &oq.fields, selbuild.Scan
+	return selbuild
 }

 func (oq *OAuth2ClientQuery) prepareQuery(ctx context.Context) error {
@ -309,23 +313,22 @@ func (oq *OAuth2ClientQuery) prepareQuery(ctx context.Context) error {
 	return nil
 }

-func (oq *OAuth2ClientQuery) sqlAll(ctx context.Context) ([]*OAuth2Client, error) {
+func (oq *OAuth2ClientQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*OAuth2Client, error) {
 	var (
 		nodes = []*OAuth2Client{}
 		_spec = oq.querySpec()
 	)
 	_spec.ScanValues = func(columns []string) ([]interface{}, error) {
-		node := &OAuth2Client{config: oq.config}
-		nodes = append(nodes, node)
-		return node.scanValues(columns)
+		return (*OAuth2Client).scanValues(nil, columns)
 	}
 	_spec.Assign = func(columns []string, values []interface{}) error {
-		if len(nodes) == 0 {
-			return fmt.Errorf("db: Assign called without calling ScanValues")
-		}
-		node := nodes[len(nodes)-1]
+		node := &OAuth2Client{config: oq.config}
+		nodes = append(nodes, node)
 		return node.assignValues(columns, values)
 	}
+	for i := range hooks {
+		hooks[i](ctx, _spec)
+	}
 	if err := sqlgraph.QueryNodes(ctx, oq.driver, _spec); err != nil {
 		return nil, err
 	}
@ -435,6 +438,7 @@ func (oq *OAuth2ClientQuery) sqlQuery(ctx context.Context) *sql.Selector {
 // OAuth2ClientGroupBy is the group-by builder for OAuth2Client entities.
 type OAuth2ClientGroupBy struct {
 	config
+	selector
 	fields []string
 	fns    []AggregateFunc
 	// intermediate query (i.e. traversal path).
@ -458,209 +462,6 @@ func (ogb *OAuth2ClientGroupBy) Scan(ctx context.Context, v interface{}) error {
 	return ogb.sqlScan(ctx, v)
 }

-// ScanX is like Scan, but panics if an error occurs.
-func (ogb *OAuth2ClientGroupBy) ScanX(ctx context.Context, v interface{}) {
-	if err := ogb.Scan(ctx, v); err != nil {
-		panic(err)
-	}
-}
-
-// Strings returns list of strings from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (ogb *OAuth2ClientGroupBy) Strings(ctx context.Context) ([]string, error) {
-	if len(ogb.fields) > 1 {
-		return nil, errors.New("db: OAuth2ClientGroupBy.Strings is not achievable when grouping more than 1 field")
-	}
-	var v []string
-	if err := ogb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// StringsX is like Strings, but panics if an error occurs.
-func (ogb *OAuth2ClientGroupBy) StringsX(ctx context.Context) []string {
-	v, err := ogb.Strings(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// String returns a single string from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (ogb *OAuth2ClientGroupBy) String(ctx context.Context) (_ string, err error) {
-	var v []string
-	if v, err = ogb.Strings(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{oauth2client.Label}
-	default:
-		err = fmt.Errorf("db: OAuth2ClientGroupBy.Strings returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// StringX is like String, but panics if an error occurs.
-func (ogb *OAuth2ClientGroupBy) StringX(ctx context.Context) string {
-	v, err := ogb.String(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Ints returns list of ints from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (ogb *OAuth2ClientGroupBy) Ints(ctx context.Context) ([]int, error) {
-	if len(ogb.fields) > 1 {
-		return nil, errors.New("db: OAuth2ClientGroupBy.Ints is not achievable when grouping more than 1 field")
-	}
-	var v []int
-	if err := ogb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// IntsX is like Ints, but panics if an error occurs.
-func (ogb *OAuth2ClientGroupBy) IntsX(ctx context.Context) []int {
-	v, err := ogb.Ints(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Int returns a single int from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (ogb *OAuth2ClientGroupBy) Int(ctx context.Context) (_ int, err error) {
-	var v []int
-	if v, err = ogb.Ints(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{oauth2client.Label}
-	default:
-		err = fmt.Errorf("db: OAuth2ClientGroupBy.Ints returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// IntX is like Int, but panics if an error occurs.
-func (ogb *OAuth2ClientGroupBy) IntX(ctx context.Context) int {
-	v, err := ogb.Int(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64s returns list of float64s from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (ogb *OAuth2ClientGroupBy) Float64s(ctx context.Context) ([]float64, error) {
-	if len(ogb.fields) > 1 {
-		return nil, errors.New("db: OAuth2ClientGroupBy.Float64s is not achievable when grouping more than 1 field")
-	}
-	var v []float64
-	if err := ogb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// Float64sX is like Float64s, but panics if an error occurs.
-func (ogb *OAuth2ClientGroupBy) Float64sX(ctx context.Context) []float64 {
-	v, err := ogb.Float64s(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64 returns a single float64 from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (ogb *OAuth2ClientGroupBy) Float64(ctx context.Context) (_ float64, err error) {
-	var v []float64
-	if v, err = ogb.Float64s(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{oauth2client.Label}
-	default:
-		err = fmt.Errorf("db: OAuth2ClientGroupBy.Float64s returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// Float64X is like Float64, but panics if an error occurs.
-func (ogb *OAuth2ClientGroupBy) Float64X(ctx context.Context) float64 {
-	v, err := ogb.Float64(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bools returns list of bools from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (ogb *OAuth2ClientGroupBy) Bools(ctx context.Context) ([]bool, error) {
-	if len(ogb.fields) > 1 {
-		return nil, errors.New("db: OAuth2ClientGroupBy.Bools is not achievable when grouping more than 1 field")
-	}
-	var v []bool
-	if err := ogb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// BoolsX is like Bools, but panics if an error occurs.
-func (ogb *OAuth2ClientGroupBy) BoolsX(ctx context.Context) []bool {
-	v, err := ogb.Bools(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bool returns a single bool from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (ogb *OAuth2ClientGroupBy) Bool(ctx context.Context) (_ bool, err error) {
-	var v []bool
-	if v, err = ogb.Bools(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{oauth2client.Label}
-	default:
-		err = fmt.Errorf("db: OAuth2ClientGroupBy.Bools returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// BoolX is like Bool, but panics if an error occurs.
-func (ogb *OAuth2ClientGroupBy) BoolX(ctx context.Context) bool {
-	v, err := ogb.Bool(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
 func (ogb *OAuth2ClientGroupBy) sqlScan(ctx context.Context, v interface{}) error {
 	for _, f := range ogb.fields {
 		if !oauth2client.ValidColumn(f) {
@ -702,6 +503,7 @@ func (ogb *OAuth2ClientGroupBy) sqlQuery() *sql.Selector {
 // OAuth2ClientSelect is the builder for selecting fields of OAuth2Client entities.
 type OAuth2ClientSelect struct {
 	*OAuth2ClientQuery
+	selector
 	// intermediate query (i.e. traversal path).
 	sql *sql.Selector
 }
@ -715,201 +517,6 @@ func (os *OAuth2ClientSelect) Scan(ctx context.Context, v interface{}) error {
 	return os.sqlScan(ctx, v)
 }

-// ScanX is like Scan, but panics if an error occurs.
-func (os *OAuth2ClientSelect) ScanX(ctx context.Context, v interface{}) {
-	if err := os.Scan(ctx, v); err != nil {
-		panic(err)
-	}
-}
-
-// Strings returns list of strings from a selector. It is only allowed when selecting one field.
-func (os *OAuth2ClientSelect) Strings(ctx context.Context) ([]string, error) {
-	if len(os.fields) > 1 {
-		return nil, errors.New("db: OAuth2ClientSelect.Strings is not achievable when selecting more than 1 field")
-	}
-	var v []string
-	if err := os.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// StringsX is like Strings, but panics if an error occurs.
-func (os *OAuth2ClientSelect) StringsX(ctx context.Context) []string {
-	v, err := os.Strings(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// String returns a single string from a selector. It is only allowed when selecting one field.
-func (os *OAuth2ClientSelect) String(ctx context.Context) (_ string, err error) {
-	var v []string
-	if v, err = os.Strings(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{oauth2client.Label}
-	default:
-		err = fmt.Errorf("db: OAuth2ClientSelect.Strings returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// StringX is like String, but panics if an error occurs.
-func (os *OAuth2ClientSelect) StringX(ctx context.Context) string {
-	v, err := os.String(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Ints returns list of ints from a selector. It is only allowed when selecting one field.
-func (os *OAuth2ClientSelect) Ints(ctx context.Context) ([]int, error) {
-	if len(os.fields) > 1 {
-		return nil, errors.New("db: OAuth2ClientSelect.Ints is not achievable when selecting more than 1 field")
-	}
-	var v []int
-	if err := os.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// IntsX is like Ints, but panics if an error occurs.
-func (os *OAuth2ClientSelect) IntsX(ctx context.Context) []int {
-	v, err := os.Ints(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Int returns a single int from a selector. It is only allowed when selecting one field.
-func (os *OAuth2ClientSelect) Int(ctx context.Context) (_ int, err error) {
-	var v []int
-	if v, err = os.Ints(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{oauth2client.Label}
-	default:
-		err = fmt.Errorf("db: OAuth2ClientSelect.Ints returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// IntX is like Int, but panics if an error occurs.
-func (os *OAuth2ClientSelect) IntX(ctx context.Context) int {
-	v, err := os.Int(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64s returns list of float64s from a selector. It is only allowed when selecting one field.
-func (os *OAuth2ClientSelect) Float64s(ctx context.Context) ([]float64, error) {
-	if len(os.fields) > 1 {
-		return nil, errors.New("db: OAuth2ClientSelect.Float64s is not achievable when selecting more than 1 field")
-	}
-	var v []float64
-	if err := os.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// Float64sX is like Float64s, but panics if an error occurs.
-func (os *OAuth2ClientSelect) Float64sX(ctx context.Context) []float64 {
-	v, err := os.Float64s(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64 returns a single float64 from a selector. It is only allowed when selecting one field.
-func (os *OAuth2ClientSelect) Float64(ctx context.Context) (_ float64, err error) {
-	var v []float64
-	if v, err = os.Float64s(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{oauth2client.Label}
-	default:
-		err = fmt.Errorf("db: OAuth2ClientSelect.Float64s returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// Float64X is like Float64, but panics if an error occurs.
-func (os *OAuth2ClientSelect) Float64X(ctx context.Context) float64 {
-	v, err := os.Float64(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bools returns list of bools from a selector. It is only allowed when selecting one field.
-func (os *OAuth2ClientSelect) Bools(ctx context.Context) ([]bool, error) {
-	if len(os.fields) > 1 {
-		return nil, errors.New("db: OAuth2ClientSelect.Bools is not achievable when selecting more than 1 field")
-	}
-	var v []bool
-	if err := os.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// BoolsX is like Bools, but panics if an error occurs.
-func (os *OAuth2ClientSelect) BoolsX(ctx context.Context) []bool {
-	v, err := os.Bools(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bool returns a single bool from a selector. It is only allowed when selecting one field.
-func (os *OAuth2ClientSelect) Bool(ctx context.Context) (_ bool, err error) {
-	var v []bool
-	if v, err = os.Bools(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{oauth2client.Label}
-	default:
-		err = fmt.Errorf("db: OAuth2ClientSelect.Bools returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// BoolX is like Bool, but panics if an error occurs.
-func (os *OAuth2ClientSelect) BoolX(ctx context.Context) bool {
-	v, err := os.Bool(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
 func (os *OAuth2ClientSelect) sqlScan(ctx context.Context, v interface{}) error {
 	rows := &sql.Rows{}
 	query, args := os.sql.Query()
--- a/storage/ent/db/oauth2client_update.go
+++ b/storage/ent/db/oauth2client_update.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -236,7 +236,7 @@ func (ou *OAuth2ClientUpdate) sqlSave(ctx context.Context) (n int, err error) {
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{oauth2client.Label}
 		} else if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return 0, err
 	}
@ -342,9 +342,15 @@ func (ouo *OAuth2ClientUpdateOne) Save(ctx context.Context) (*OAuth2Client, erro
 			}
 			mut = ouo.hooks[i](mut)
 		}
-		if _, err := mut.Mutate(ctx, ouo.mutation); err != nil {
+		v, err := mut.Mutate(ctx, ouo.mutation)
+		if err != nil {
 			return nil, err
 		}
+		nv, ok := v.(*OAuth2Client)
+		if !ok {
+			return nil, fmt.Errorf("unexpected node type %T returned from OAuth2ClientMutation", v)
+		}
+		node = nv
 	}
 	return node, err
 }
@ -487,7 +493,7 @@ func (ouo *OAuth2ClientUpdateOne) sqlSave(ctx context.Context) (_node *OAuth2Cli
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{oauth2client.Label}
 		} else if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return nil, err
 	}
--- a/storage/ent/db/offlinesession.go
+++ b/storage/ent/db/offlinesession.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -94,11 +94,11 @@ func (os *OfflineSession) Update() *OfflineSessionUpdateOne {
 // Unwrap unwraps the OfflineSession entity that was returned from a transaction after it was closed,
 // so that all future queries will be executed through the driver which created the transaction.
 func (os *OfflineSession) Unwrap() *OfflineSession {
-	tx, ok := os.config.driver.(*txDriver)
+	_tx, ok := os.config.driver.(*txDriver)
 	if !ok {
 		panic("db: OfflineSession is not a transactional entity")
 	}
-	os.config.driver = tx.drv
+	os.config.driver = _tx.drv
 	return os
 }

@ -106,15 +106,18 @@ func (os *OfflineSession) Unwrap() *OfflineSession {
 func (os *OfflineSession) String() string {
 	var builder strings.Builder
 	builder.WriteString("OfflineSession(")
-	builder.WriteString(fmt.Sprintf("id=%v", os.ID))
-	builder.WriteString(", user_id=")
+	builder.WriteString(fmt.Sprintf("id=%v, ", os.ID))
+	builder.WriteString("user_id=")
 	builder.WriteString(os.UserID)
-	builder.WriteString(", conn_id=")
+	builder.WriteString(", ")
+	builder.WriteString("conn_id=")
 	builder.WriteString(os.ConnID)
-	builder.WriteString(", refresh=")
+	builder.WriteString(", ")
+	builder.WriteString("refresh=")
 	builder.WriteString(fmt.Sprintf("%v", os.Refresh))
+	builder.WriteString(", ")
 	if v := os.ConnectorData; v != nil {
-		builder.WriteString(", connector_data=")
+		builder.WriteString("connector_data=")
 		builder.WriteString(fmt.Sprintf("%v", *v))
 	}
 	builder.WriteByte(')')
--- a/storage/ent/db/offlinesession/offlinesession.go
+++ b/storage/ent/db/offlinesession/offlinesession.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package offlinesession

--- a/storage/ent/db/offlinesession/where.go
+++ b/storage/ent/db/offlinesession/where.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package offlinesession

@ -31,12 +31,6 @@ func IDNEQ(id string) predicate.OfflineSession {
 // IDIn applies the In predicate on the ID field.
 func IDIn(ids ...string) predicate.OfflineSession {
 	return predicate.OfflineSession(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(ids) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		v := make([]interface{}, len(ids))
 		for i := range v {
 			v[i] = ids[i]
@ -48,12 +42,6 @@ func IDIn(ids ...string) predicate.OfflineSession {
 // IDNotIn applies the NotIn predicate on the ID field.
 func IDNotIn(ids ...string) predicate.OfflineSession {
 	return predicate.OfflineSession(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(ids) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		v := make([]interface{}, len(ids))
 		for i := range v {
 			v[i] = ids[i]
@ -139,12 +127,6 @@ func UserIDIn(vs ...string) predicate.OfflineSession {
 		v[i] = vs[i]
 	}
 	return predicate.OfflineSession(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldUserID), v...))
 	})
 }
@ -156,12 +138,6 @@ func UserIDNotIn(vs ...string) predicate.OfflineSession {
 		v[i] = vs[i]
 	}
 	return predicate.OfflineSession(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldUserID), v...))
 	})
 }
@ -250,12 +226,6 @@ func ConnIDIn(vs ...string) predicate.OfflineSession {
 		v[i] = vs[i]
 	}
 	return predicate.OfflineSession(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldConnID), v...))
 	})
 }
@ -267,12 +237,6 @@ func ConnIDNotIn(vs ...string) predicate.OfflineSession {
 		v[i] = vs[i]
 	}
 	return predicate.OfflineSession(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldConnID), v...))
 	})
 }
@ -361,12 +325,6 @@ func RefreshIn(vs ...[]byte) predicate.OfflineSession {
 		v[i] = vs[i]
 	}
 	return predicate.OfflineSession(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldRefresh), v...))
 	})
 }
@ -378,12 +336,6 @@ func RefreshNotIn(vs ...[]byte) predicate.OfflineSession {
 		v[i] = vs[i]
 	}
 	return predicate.OfflineSession(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldRefresh), v...))
 	})
 }
@ -437,12 +389,6 @@ func ConnectorDataIn(vs ...[]byte) predicate.OfflineSession {
 		v[i] = vs[i]
 	}
 	return predicate.OfflineSession(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldConnectorData), v...))
 	})
 }
@ -454,12 +400,6 @@ func ConnectorDataNotIn(vs ...[]byte) predicate.OfflineSession {
 		v[i] = vs[i]
 	}
 	return predicate.OfflineSession(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldConnectorData), v...))
 	})
 }
--- a/storage/ent/db/offlinesession_create.go
+++ b/storage/ent/db/offlinesession_create.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -88,9 +88,15 @@ func (osc *OfflineSessionCreate) Save(ctx context.Context) (*OfflineSession, err
 			}
 			mut = osc.hooks[i](mut)
 		}
-		if _, err := mut.Mutate(ctx, osc.mutation); err != nil {
+		v, err := mut.Mutate(ctx, osc.mutation)
+		if err != nil {
 			return nil, err
 		}
+		nv, ok := v.(*OfflineSession)
+		if !ok {
+			return nil, fmt.Errorf("unexpected node type %T returned from OfflineSessionMutation", v)
+		}
+		node = nv
 	}
 	return node, err
 }
@ -150,7 +156,7 @@ func (osc *OfflineSessionCreate) sqlSave(ctx context.Context) (*OfflineSession,
 	_node, _spec := osc.createSpec()
 	if err := sqlgraph.CreateNode(ctx, osc.driver, _spec); err != nil {
 		if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return nil, err
 	}
@ -246,7 +252,7 @@ func (oscb *OfflineSessionCreateBulk) Save(ctx context.Context) ([]*OfflineSessi
 					// Invoke the actual operation on the latest mutation in the chain.
 					if err = sqlgraph.BatchCreate(ctx, oscb.driver, spec); err != nil {
 						if sqlgraph.IsConstraintError(err) {
-							err = &ConstraintError{err.Error(), err}
+							err = &ConstraintError{msg: err.Error(), wrap: err}
 						}
 					}
 				}
--- a/storage/ent/db/offlinesession_delete.go
+++ b/storage/ent/db/offlinesession_delete.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -84,7 +84,11 @@ func (osd *OfflineSessionDelete) sqlExec(ctx context.Context) (int, error) {
 			}
 		}
 	}
-	return sqlgraph.DeleteNodes(ctx, osd.driver, _spec)
+	affected, err := sqlgraph.DeleteNodes(ctx, osd.driver, _spec)
+	if err != nil && sqlgraph.IsConstraintError(err) {
+		err = &ConstraintError{msg: err.Error(), wrap: err}
+	}
+	return affected, err
 }

 // OfflineSessionDeleteOne is the builder for deleting a single OfflineSession entity.
--- a/storage/ent/db/offlinesession_query.go
+++ b/storage/ent/db/offlinesession_query.go
@ -1,10 +1,9 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

 import (
 	"context"
-	"errors"
 	"fmt"
 	"math"

@ -264,15 +263,17 @@ func (osq *OfflineSessionQuery) Clone() *OfflineSessionQuery {
 //		Scan(ctx, &v)
 //
 func (osq *OfflineSessionQuery) GroupBy(field string, fields ...string) *OfflineSessionGroupBy {
-	group := &OfflineSessionGroupBy{config: osq.config}
-	group.fields = append([]string{field}, fields...)
-	group.path = func(ctx context.Context) (prev *sql.Selector, err error) {
+	grbuild := &OfflineSessionGroupBy{config: osq.config}
+	grbuild.fields = append([]string{field}, fields...)
+	grbuild.path = func(ctx context.Context) (prev *sql.Selector, err error) {
 		if err := osq.prepareQuery(ctx); err != nil {
 			return nil, err
 		}
 		return osq.sqlQuery(ctx), nil
 	}
-	return group
+	grbuild.label = offlinesession.Label
+	grbuild.flds, grbuild.scan = &grbuild.fields, grbuild.Scan
+	return grbuild
 }

 // Select allows the selection one or more fields/columns for the given query,
@ -290,7 +291,10 @@ func (osq *OfflineSessionQuery) GroupBy(field string, fields ...string) *Offline
 //
 func (osq *OfflineSessionQuery) Select(fields ...string) *OfflineSessionSelect {
 	osq.fields = append(osq.fields, fields...)
-	return &OfflineSessionSelect{OfflineSessionQuery: osq}
+	selbuild := &OfflineSessionSelect{OfflineSessionQuery: osq}
+	selbuild.label = offlinesession.Label
+	selbuild.flds, selbuild.scan = &osq.fields, selbuild.Scan
+	return selbuild
 }

 func (osq *OfflineSessionQuery) prepareQuery(ctx context.Context) error {
@ -309,23 +313,22 @@ func (osq *OfflineSessionQuery) prepareQuery(ctx context.Context) error {
 	return nil
 }

-func (osq *OfflineSessionQuery) sqlAll(ctx context.Context) ([]*OfflineSession, error) {
+func (osq *OfflineSessionQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*OfflineSession, error) {
 	var (
 		nodes = []*OfflineSession{}
 		_spec = osq.querySpec()
 	)
 	_spec.ScanValues = func(columns []string) ([]interface{}, error) {
-		node := &OfflineSession{config: osq.config}
-		nodes = append(nodes, node)
-		return node.scanValues(columns)
+		return (*OfflineSession).scanValues(nil, columns)
 	}
 	_spec.Assign = func(columns []string, values []interface{}) error {
-		if len(nodes) == 0 {
-			return fmt.Errorf("db: Assign called without calling ScanValues")
-		}
-		node := nodes[len(nodes)-1]
+		node := &OfflineSession{config: osq.config}
+		nodes = append(nodes, node)
 		return node.assignValues(columns, values)
 	}
+	for i := range hooks {
+		hooks[i](ctx, _spec)
+	}
 	if err := sqlgraph.QueryNodes(ctx, osq.driver, _spec); err != nil {
 		return nil, err
 	}
@ -435,6 +438,7 @@ func (osq *OfflineSessionQuery) sqlQuery(ctx context.Context) *sql.Selector {
 // OfflineSessionGroupBy is the group-by builder for OfflineSession entities.
 type OfflineSessionGroupBy struct {
 	config
+	selector
 	fields []string
 	fns    []AggregateFunc
 	// intermediate query (i.e. traversal path).
@ -458,209 +462,6 @@ func (osgb *OfflineSessionGroupBy) Scan(ctx context.Context, v interface{}) erro
 	return osgb.sqlScan(ctx, v)
 }

-// ScanX is like Scan, but panics if an error occurs.
-func (osgb *OfflineSessionGroupBy) ScanX(ctx context.Context, v interface{}) {
-	if err := osgb.Scan(ctx, v); err != nil {
-		panic(err)
-	}
-}
-
-// Strings returns list of strings from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (osgb *OfflineSessionGroupBy) Strings(ctx context.Context) ([]string, error) {
-	if len(osgb.fields) > 1 {
-		return nil, errors.New("db: OfflineSessionGroupBy.Strings is not achievable when grouping more than 1 field")
-	}
-	var v []string
-	if err := osgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// StringsX is like Strings, but panics if an error occurs.
-func (osgb *OfflineSessionGroupBy) StringsX(ctx context.Context) []string {
-	v, err := osgb.Strings(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// String returns a single string from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (osgb *OfflineSessionGroupBy) String(ctx context.Context) (_ string, err error) {
-	var v []string
-	if v, err = osgb.Strings(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{offlinesession.Label}
-	default:
-		err = fmt.Errorf("db: OfflineSessionGroupBy.Strings returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// StringX is like String, but panics if an error occurs.
-func (osgb *OfflineSessionGroupBy) StringX(ctx context.Context) string {
-	v, err := osgb.String(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Ints returns list of ints from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (osgb *OfflineSessionGroupBy) Ints(ctx context.Context) ([]int, error) {
-	if len(osgb.fields) > 1 {
-		return nil, errors.New("db: OfflineSessionGroupBy.Ints is not achievable when grouping more than 1 field")
-	}
-	var v []int
-	if err := osgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// IntsX is like Ints, but panics if an error occurs.
-func (osgb *OfflineSessionGroupBy) IntsX(ctx context.Context) []int {
-	v, err := osgb.Ints(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Int returns a single int from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (osgb *OfflineSessionGroupBy) Int(ctx context.Context) (_ int, err error) {
-	var v []int
-	if v, err = osgb.Ints(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{offlinesession.Label}
-	default:
-		err = fmt.Errorf("db: OfflineSessionGroupBy.Ints returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// IntX is like Int, but panics if an error occurs.
-func (osgb *OfflineSessionGroupBy) IntX(ctx context.Context) int {
-	v, err := osgb.Int(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64s returns list of float64s from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (osgb *OfflineSessionGroupBy) Float64s(ctx context.Context) ([]float64, error) {
-	if len(osgb.fields) > 1 {
-		return nil, errors.New("db: OfflineSessionGroupBy.Float64s is not achievable when grouping more than 1 field")
-	}
-	var v []float64
-	if err := osgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// Float64sX is like Float64s, but panics if an error occurs.
-func (osgb *OfflineSessionGroupBy) Float64sX(ctx context.Context) []float64 {
-	v, err := osgb.Float64s(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64 returns a single float64 from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (osgb *OfflineSessionGroupBy) Float64(ctx context.Context) (_ float64, err error) {
-	var v []float64
-	if v, err = osgb.Float64s(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{offlinesession.Label}
-	default:
-		err = fmt.Errorf("db: OfflineSessionGroupBy.Float64s returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// Float64X is like Float64, but panics if an error occurs.
-func (osgb *OfflineSessionGroupBy) Float64X(ctx context.Context) float64 {
-	v, err := osgb.Float64(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bools returns list of bools from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (osgb *OfflineSessionGroupBy) Bools(ctx context.Context) ([]bool, error) {
-	if len(osgb.fields) > 1 {
-		return nil, errors.New("db: OfflineSessionGroupBy.Bools is not achievable when grouping more than 1 field")
-	}
-	var v []bool
-	if err := osgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// BoolsX is like Bools, but panics if an error occurs.
-func (osgb *OfflineSessionGroupBy) BoolsX(ctx context.Context) []bool {
-	v, err := osgb.Bools(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bool returns a single bool from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (osgb *OfflineSessionGroupBy) Bool(ctx context.Context) (_ bool, err error) {
-	var v []bool
-	if v, err = osgb.Bools(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{offlinesession.Label}
-	default:
-		err = fmt.Errorf("db: OfflineSessionGroupBy.Bools returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// BoolX is like Bool, but panics if an error occurs.
-func (osgb *OfflineSessionGroupBy) BoolX(ctx context.Context) bool {
-	v, err := osgb.Bool(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
 func (osgb *OfflineSessionGroupBy) sqlScan(ctx context.Context, v interface{}) error {
 	for _, f := range osgb.fields {
 		if !offlinesession.ValidColumn(f) {
@ -702,6 +503,7 @@ func (osgb *OfflineSessionGroupBy) sqlQuery() *sql.Selector {
 // OfflineSessionSelect is the builder for selecting fields of OfflineSession entities.
 type OfflineSessionSelect struct {
 	*OfflineSessionQuery
+	selector
 	// intermediate query (i.e. traversal path).
 	sql *sql.Selector
 }
@ -715,201 +517,6 @@ func (oss *OfflineSessionSelect) Scan(ctx context.Context, v interface{}) error
 	return oss.sqlScan(ctx, v)
 }

-// ScanX is like Scan, but panics if an error occurs.
-func (oss *OfflineSessionSelect) ScanX(ctx context.Context, v interface{}) {
-	if err := oss.Scan(ctx, v); err != nil {
-		panic(err)
-	}
-}
-
-// Strings returns list of strings from a selector. It is only allowed when selecting one field.
-func (oss *OfflineSessionSelect) Strings(ctx context.Context) ([]string, error) {
-	if len(oss.fields) > 1 {
-		return nil, errors.New("db: OfflineSessionSelect.Strings is not achievable when selecting more than 1 field")
-	}
-	var v []string
-	if err := oss.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// StringsX is like Strings, but panics if an error occurs.
-func (oss *OfflineSessionSelect) StringsX(ctx context.Context) []string {
-	v, err := oss.Strings(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// String returns a single string from a selector. It is only allowed when selecting one field.
-func (oss *OfflineSessionSelect) String(ctx context.Context) (_ string, err error) {
-	var v []string
-	if v, err = oss.Strings(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{offlinesession.Label}
-	default:
-		err = fmt.Errorf("db: OfflineSessionSelect.Strings returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// StringX is like String, but panics if an error occurs.
-func (oss *OfflineSessionSelect) StringX(ctx context.Context) string {
-	v, err := oss.String(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Ints returns list of ints from a selector. It is only allowed when selecting one field.
-func (oss *OfflineSessionSelect) Ints(ctx context.Context) ([]int, error) {
-	if len(oss.fields) > 1 {
-		return nil, errors.New("db: OfflineSessionSelect.Ints is not achievable when selecting more than 1 field")
-	}
-	var v []int
-	if err := oss.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// IntsX is like Ints, but panics if an error occurs.
-func (oss *OfflineSessionSelect) IntsX(ctx context.Context) []int {
-	v, err := oss.Ints(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Int returns a single int from a selector. It is only allowed when selecting one field.
-func (oss *OfflineSessionSelect) Int(ctx context.Context) (_ int, err error) {
-	var v []int
-	if v, err = oss.Ints(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{offlinesession.Label}
-	default:
-		err = fmt.Errorf("db: OfflineSessionSelect.Ints returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// IntX is like Int, but panics if an error occurs.
-func (oss *OfflineSessionSelect) IntX(ctx context.Context) int {
-	v, err := oss.Int(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64s returns list of float64s from a selector. It is only allowed when selecting one field.
-func (oss *OfflineSessionSelect) Float64s(ctx context.Context) ([]float64, error) {
-	if len(oss.fields) > 1 {
-		return nil, errors.New("db: OfflineSessionSelect.Float64s is not achievable when selecting more than 1 field")
-	}
-	var v []float64
-	if err := oss.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// Float64sX is like Float64s, but panics if an error occurs.
-func (oss *OfflineSessionSelect) Float64sX(ctx context.Context) []float64 {
-	v, err := oss.Float64s(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64 returns a single float64 from a selector. It is only allowed when selecting one field.
-func (oss *OfflineSessionSelect) Float64(ctx context.Context) (_ float64, err error) {
-	var v []float64
-	if v, err = oss.Float64s(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{offlinesession.Label}
-	default:
-		err = fmt.Errorf("db: OfflineSessionSelect.Float64s returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// Float64X is like Float64, but panics if an error occurs.
-func (oss *OfflineSessionSelect) Float64X(ctx context.Context) float64 {
-	v, err := oss.Float64(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bools returns list of bools from a selector. It is only allowed when selecting one field.
-func (oss *OfflineSessionSelect) Bools(ctx context.Context) ([]bool, error) {
-	if len(oss.fields) > 1 {
-		return nil, errors.New("db: OfflineSessionSelect.Bools is not achievable when selecting more than 1 field")
-	}
-	var v []bool
-	if err := oss.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// BoolsX is like Bools, but panics if an error occurs.
-func (oss *OfflineSessionSelect) BoolsX(ctx context.Context) []bool {
-	v, err := oss.Bools(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bool returns a single bool from a selector. It is only allowed when selecting one field.
-func (oss *OfflineSessionSelect) Bool(ctx context.Context) (_ bool, err error) {
-	var v []bool
-	if v, err = oss.Bools(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{offlinesession.Label}
-	default:
-		err = fmt.Errorf("db: OfflineSessionSelect.Bools returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// BoolX is like Bool, but panics if an error occurs.
-func (oss *OfflineSessionSelect) BoolX(ctx context.Context) bool {
-	v, err := oss.Bool(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
 func (oss *OfflineSessionSelect) sqlScan(ctx context.Context, v interface{}) error {
 	rows := &sql.Rows{}
 	query, args := oss.sql.Query()
--- a/storage/ent/db/offlinesession_update.go
+++ b/storage/ent/db/offlinesession_update.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -193,7 +193,7 @@ func (osu *OfflineSessionUpdate) sqlSave(ctx context.Context) (n int, err error)
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{offlinesession.Label}
 		} else if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return 0, err
 	}
@ -281,9 +281,15 @@ func (osuo *OfflineSessionUpdateOne) Save(ctx context.Context) (*OfflineSession,
 			}
 			mut = osuo.hooks[i](mut)
 		}
-		if _, err := mut.Mutate(ctx, osuo.mutation); err != nil {
+		v, err := mut.Mutate(ctx, osuo.mutation)
+		if err != nil {
 			return nil, err
 		}
+		nv, ok := v.(*OfflineSession)
+		if !ok {
+			return nil, fmt.Errorf("unexpected node type %T returned from OfflineSessionMutation", v)
+		}
+		node = nv
 	}
 	return node, err
 }
@ -401,7 +407,7 @@ func (osuo *OfflineSessionUpdateOne) sqlSave(ctx context.Context) (_node *Offlin
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{offlinesession.Label}
 		} else if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return nil, err
 	}
--- a/storage/ent/db/password.go
+++ b/storage/ent/db/password.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -96,11 +96,11 @@ func (pa *Password) Update() *PasswordUpdateOne {
 // Unwrap unwraps the Password entity that was returned from a transaction after it was closed,
 // so that all future queries will be executed through the driver which created the transaction.
 func (pa *Password) Unwrap() *Password {
-	tx, ok := pa.config.driver.(*txDriver)
+	_tx, ok := pa.config.driver.(*txDriver)
 	if !ok {
 		panic("db: Password is not a transactional entity")
 	}
-	pa.config.driver = tx.drv
+	pa.config.driver = _tx.drv
 	return pa
 }

@ -108,14 +108,17 @@ func (pa *Password) Unwrap() *Password {
 func (pa *Password) String() string {
 	var builder strings.Builder
 	builder.WriteString("Password(")
-	builder.WriteString(fmt.Sprintf("id=%v", pa.ID))
-	builder.WriteString(", email=")
+	builder.WriteString(fmt.Sprintf("id=%v, ", pa.ID))
+	builder.WriteString("email=")
 	builder.WriteString(pa.Email)
-	builder.WriteString(", hash=")
+	builder.WriteString(", ")
+	builder.WriteString("hash=")
 	builder.WriteString(fmt.Sprintf("%v", pa.Hash))
-	builder.WriteString(", username=")
+	builder.WriteString(", ")
+	builder.WriteString("username=")
 	builder.WriteString(pa.Username)
-	builder.WriteString(", user_id=")
+	builder.WriteString(", ")
+	builder.WriteString("user_id=")
 	builder.WriteString(pa.UserID)
 	builder.WriteByte(')')
 	return builder.String()
--- a/storage/ent/db/password/password.go
+++ b/storage/ent/db/password/password.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package password

--- a/storage/ent/db/password/where.go
+++ b/storage/ent/db/password/where.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package password

@ -31,12 +31,6 @@ func IDNEQ(id int) predicate.Password {
 // IDIn applies the In predicate on the ID field.
 func IDIn(ids ...int) predicate.Password {
 	return predicate.Password(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(ids) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		v := make([]interface{}, len(ids))
 		for i := range v {
 			v[i] = ids[i]
@ -48,12 +42,6 @@ func IDIn(ids ...int) predicate.Password {
 // IDNotIn applies the NotIn predicate on the ID field.
 func IDNotIn(ids ...int) predicate.Password {
 	return predicate.Password(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(ids) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		v := make([]interface{}, len(ids))
 		for i := range v {
 			v[i] = ids[i]
@ -139,12 +127,6 @@ func EmailIn(vs ...string) predicate.Password {
 		v[i] = vs[i]
 	}
 	return predicate.Password(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldEmail), v...))
 	})
 }
@ -156,12 +138,6 @@ func EmailNotIn(vs ...string) predicate.Password {
 		v[i] = vs[i]
 	}
 	return predicate.Password(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldEmail), v...))
 	})
 }
@ -250,12 +226,6 @@ func HashIn(vs ...[]byte) predicate.Password {
 		v[i] = vs[i]
 	}
 	return predicate.Password(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldHash), v...))
 	})
 }
@ -267,12 +237,6 @@ func HashNotIn(vs ...[]byte) predicate.Password {
 		v[i] = vs[i]
 	}
 	return predicate.Password(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldHash), v...))
 	})
 }
@ -326,12 +290,6 @@ func UsernameIn(vs ...string) predicate.Password {
 		v[i] = vs[i]
 	}
 	return predicate.Password(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldUsername), v...))
 	})
 }
@ -343,12 +301,6 @@ func UsernameNotIn(vs ...string) predicate.Password {
 		v[i] = vs[i]
 	}
 	return predicate.Password(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldUsername), v...))
 	})
 }
@ -437,12 +389,6 @@ func UserIDIn(vs ...string) predicate.Password {
 		v[i] = vs[i]
 	}
 	return predicate.Password(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldUserID), v...))
 	})
 }
@ -454,12 +400,6 @@ func UserIDNotIn(vs ...string) predicate.Password {
 		v[i] = vs[i]
 	}
 	return predicate.Password(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldUserID), v...))
 	})
 }
--- a/storage/ent/db/password_create.go
+++ b/storage/ent/db/password_create.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -82,9 +82,15 @@ func (pc *PasswordCreate) Save(ctx context.Context) (*Password, error) {
 			}
 			mut = pc.hooks[i](mut)
 		}
-		if _, err := mut.Mutate(ctx, pc.mutation); err != nil {
+		v, err := mut.Mutate(ctx, pc.mutation)
+		if err != nil {
 			return nil, err
 		}
+		nv, ok := v.(*Password)
+		if !ok {
+			return nil, fmt.Errorf("unexpected node type %T returned from PasswordMutation", v)
+		}
+		node = nv
 	}
 	return node, err
 }
@ -147,7 +153,7 @@ func (pc *PasswordCreate) sqlSave(ctx context.Context) (*Password, error) {
 	_node, _spec := pc.createSpec()
 	if err := sqlgraph.CreateNode(ctx, pc.driver, _spec); err != nil {
 		if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return nil, err
 	}
@ -234,7 +240,7 @@ func (pcb *PasswordCreateBulk) Save(ctx context.Context) ([]*Password, error) {
 					// Invoke the actual operation on the latest mutation in the chain.
 					if err = sqlgraph.BatchCreate(ctx, pcb.driver, spec); err != nil {
 						if sqlgraph.IsConstraintError(err) {
-							err = &ConstraintError{err.Error(), err}
+							err = &ConstraintError{msg: err.Error(), wrap: err}
 						}
 					}
 				}
@ -242,11 +248,11 @@ func (pcb *PasswordCreateBulk) Save(ctx context.Context) ([]*Password, error) {
 					return nil, err
 				}
 				mutation.id = &nodes[i].ID
-				mutation.done = true
 				if specs[i].ID.Value != nil {
 					id := specs[i].ID.Value.(int64)
 					nodes[i].ID = int(id)
 				}
+				mutation.done = true
 				return nodes[i], nil
 			})
 			for i := len(builder.hooks) - 1; i >= 0; i-- {
--- a/storage/ent/db/password_delete.go
+++ b/storage/ent/db/password_delete.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -84,7 +84,11 @@ func (pd *PasswordDelete) sqlExec(ctx context.Context) (int, error) {
 			}
 		}
 	}
-	return sqlgraph.DeleteNodes(ctx, pd.driver, _spec)
+	affected, err := sqlgraph.DeleteNodes(ctx, pd.driver, _spec)
+	if err != nil && sqlgraph.IsConstraintError(err) {
+		err = &ConstraintError{msg: err.Error(), wrap: err}
+	}
+	return affected, err
 }

 // PasswordDeleteOne is the builder for deleting a single Password entity.
--- a/storage/ent/db/password_query.go
+++ b/storage/ent/db/password_query.go
@ -1,10 +1,9 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

 import (
 	"context"
-	"errors"
 	"fmt"
 	"math"

@ -264,15 +263,17 @@ func (pq *PasswordQuery) Clone() *PasswordQuery {
 //		Scan(ctx, &v)
 //
 func (pq *PasswordQuery) GroupBy(field string, fields ...string) *PasswordGroupBy {
-	group := &PasswordGroupBy{config: pq.config}
-	group.fields = append([]string{field}, fields...)
-	group.path = func(ctx context.Context) (prev *sql.Selector, err error) {
+	grbuild := &PasswordGroupBy{config: pq.config}
+	grbuild.fields = append([]string{field}, fields...)
+	grbuild.path = func(ctx context.Context) (prev *sql.Selector, err error) {
 		if err := pq.prepareQuery(ctx); err != nil {
 			return nil, err
 		}
 		return pq.sqlQuery(ctx), nil
 	}
-	return group
+	grbuild.label = password.Label
+	grbuild.flds, grbuild.scan = &grbuild.fields, grbuild.Scan
+	return grbuild
 }

 // Select allows the selection one or more fields/columns for the given query,
@ -290,7 +291,10 @@ func (pq *PasswordQuery) GroupBy(field string, fields ...string) *PasswordGroupB
 //
 func (pq *PasswordQuery) Select(fields ...string) *PasswordSelect {
 	pq.fields = append(pq.fields, fields...)
-	return &PasswordSelect{PasswordQuery: pq}
+	selbuild := &PasswordSelect{PasswordQuery: pq}
+	selbuild.label = password.Label
+	selbuild.flds, selbuild.scan = &pq.fields, selbuild.Scan
+	return selbuild
 }

 func (pq *PasswordQuery) prepareQuery(ctx context.Context) error {
@ -309,23 +313,22 @@ func (pq *PasswordQuery) prepareQuery(ctx context.Context) error {
 	return nil
 }

-func (pq *PasswordQuery) sqlAll(ctx context.Context) ([]*Password, error) {
+func (pq *PasswordQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*Password, error) {
 	var (
 		nodes = []*Password{}
 		_spec = pq.querySpec()
 	)
 	_spec.ScanValues = func(columns []string) ([]interface{}, error) {
-		node := &Password{config: pq.config}
-		nodes = append(nodes, node)
-		return node.scanValues(columns)
+		return (*Password).scanValues(nil, columns)
 	}
 	_spec.Assign = func(columns []string, values []interface{}) error {
-		if len(nodes) == 0 {
-			return fmt.Errorf("db: Assign called without calling ScanValues")
-		}
-		node := nodes[len(nodes)-1]
+		node := &Password{config: pq.config}
+		nodes = append(nodes, node)
 		return node.assignValues(columns, values)
 	}
+	for i := range hooks {
+		hooks[i](ctx, _spec)
+	}
 	if err := sqlgraph.QueryNodes(ctx, pq.driver, _spec); err != nil {
 		return nil, err
 	}
@ -435,6 +438,7 @@ func (pq *PasswordQuery) sqlQuery(ctx context.Context) *sql.Selector {
 // PasswordGroupBy is the group-by builder for Password entities.
 type PasswordGroupBy struct {
 	config
+	selector
 	fields []string
 	fns    []AggregateFunc
 	// intermediate query (i.e. traversal path).
@ -458,209 +462,6 @@ func (pgb *PasswordGroupBy) Scan(ctx context.Context, v interface{}) error {
 	return pgb.sqlScan(ctx, v)
 }

-// ScanX is like Scan, but panics if an error occurs.
-func (pgb *PasswordGroupBy) ScanX(ctx context.Context, v interface{}) {
-	if err := pgb.Scan(ctx, v); err != nil {
-		panic(err)
-	}
-}
-
-// Strings returns list of strings from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (pgb *PasswordGroupBy) Strings(ctx context.Context) ([]string, error) {
-	if len(pgb.fields) > 1 {
-		return nil, errors.New("db: PasswordGroupBy.Strings is not achievable when grouping more than 1 field")
-	}
-	var v []string
-	if err := pgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// StringsX is like Strings, but panics if an error occurs.
-func (pgb *PasswordGroupBy) StringsX(ctx context.Context) []string {
-	v, err := pgb.Strings(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// String returns a single string from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (pgb *PasswordGroupBy) String(ctx context.Context) (_ string, err error) {
-	var v []string
-	if v, err = pgb.Strings(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{password.Label}
-	default:
-		err = fmt.Errorf("db: PasswordGroupBy.Strings returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// StringX is like String, but panics if an error occurs.
-func (pgb *PasswordGroupBy) StringX(ctx context.Context) string {
-	v, err := pgb.String(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Ints returns list of ints from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (pgb *PasswordGroupBy) Ints(ctx context.Context) ([]int, error) {
-	if len(pgb.fields) > 1 {
-		return nil, errors.New("db: PasswordGroupBy.Ints is not achievable when grouping more than 1 field")
-	}
-	var v []int
-	if err := pgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// IntsX is like Ints, but panics if an error occurs.
-func (pgb *PasswordGroupBy) IntsX(ctx context.Context) []int {
-	v, err := pgb.Ints(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Int returns a single int from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (pgb *PasswordGroupBy) Int(ctx context.Context) (_ int, err error) {
-	var v []int
-	if v, err = pgb.Ints(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{password.Label}
-	default:
-		err = fmt.Errorf("db: PasswordGroupBy.Ints returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// IntX is like Int, but panics if an error occurs.
-func (pgb *PasswordGroupBy) IntX(ctx context.Context) int {
-	v, err := pgb.Int(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64s returns list of float64s from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (pgb *PasswordGroupBy) Float64s(ctx context.Context) ([]float64, error) {
-	if len(pgb.fields) > 1 {
-		return nil, errors.New("db: PasswordGroupBy.Float64s is not achievable when grouping more than 1 field")
-	}
-	var v []float64
-	if err := pgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// Float64sX is like Float64s, but panics if an error occurs.
-func (pgb *PasswordGroupBy) Float64sX(ctx context.Context) []float64 {
-	v, err := pgb.Float64s(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64 returns a single float64 from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (pgb *PasswordGroupBy) Float64(ctx context.Context) (_ float64, err error) {
-	var v []float64
-	if v, err = pgb.Float64s(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{password.Label}
-	default:
-		err = fmt.Errorf("db: PasswordGroupBy.Float64s returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// Float64X is like Float64, but panics if an error occurs.
-func (pgb *PasswordGroupBy) Float64X(ctx context.Context) float64 {
-	v, err := pgb.Float64(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bools returns list of bools from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (pgb *PasswordGroupBy) Bools(ctx context.Context) ([]bool, error) {
-	if len(pgb.fields) > 1 {
-		return nil, errors.New("db: PasswordGroupBy.Bools is not achievable when grouping more than 1 field")
-	}
-	var v []bool
-	if err := pgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// BoolsX is like Bools, but panics if an error occurs.
-func (pgb *PasswordGroupBy) BoolsX(ctx context.Context) []bool {
-	v, err := pgb.Bools(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bool returns a single bool from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (pgb *PasswordGroupBy) Bool(ctx context.Context) (_ bool, err error) {
-	var v []bool
-	if v, err = pgb.Bools(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{password.Label}
-	default:
-		err = fmt.Errorf("db: PasswordGroupBy.Bools returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// BoolX is like Bool, but panics if an error occurs.
-func (pgb *PasswordGroupBy) BoolX(ctx context.Context) bool {
-	v, err := pgb.Bool(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
 func (pgb *PasswordGroupBy) sqlScan(ctx context.Context, v interface{}) error {
 	for _, f := range pgb.fields {
 		if !password.ValidColumn(f) {
@ -702,6 +503,7 @@ func (pgb *PasswordGroupBy) sqlQuery() *sql.Selector {
 // PasswordSelect is the builder for selecting fields of Password entities.
 type PasswordSelect struct {
 	*PasswordQuery
+	selector
 	// intermediate query (i.e. traversal path).
 	sql *sql.Selector
 }
@ -715,201 +517,6 @@ func (ps *PasswordSelect) Scan(ctx context.Context, v interface{}) error {
 	return ps.sqlScan(ctx, v)
 }

-// ScanX is like Scan, but panics if an error occurs.
-func (ps *PasswordSelect) ScanX(ctx context.Context, v interface{}) {
-	if err := ps.Scan(ctx, v); err != nil {
-		panic(err)
-	}
-}
-
-// Strings returns list of strings from a selector. It is only allowed when selecting one field.
-func (ps *PasswordSelect) Strings(ctx context.Context) ([]string, error) {
-	if len(ps.fields) > 1 {
-		return nil, errors.New("db: PasswordSelect.Strings is not achievable when selecting more than 1 field")
-	}
-	var v []string
-	if err := ps.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// StringsX is like Strings, but panics if an error occurs.
-func (ps *PasswordSelect) StringsX(ctx context.Context) []string {
-	v, err := ps.Strings(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// String returns a single string from a selector. It is only allowed when selecting one field.
-func (ps *PasswordSelect) String(ctx context.Context) (_ string, err error) {
-	var v []string
-	if v, err = ps.Strings(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{password.Label}
-	default:
-		err = fmt.Errorf("db: PasswordSelect.Strings returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// StringX is like String, but panics if an error occurs.
-func (ps *PasswordSelect) StringX(ctx context.Context) string {
-	v, err := ps.String(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Ints returns list of ints from a selector. It is only allowed when selecting one field.
-func (ps *PasswordSelect) Ints(ctx context.Context) ([]int, error) {
-	if len(ps.fields) > 1 {
-		return nil, errors.New("db: PasswordSelect.Ints is not achievable when selecting more than 1 field")
-	}
-	var v []int
-	if err := ps.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// IntsX is like Ints, but panics if an error occurs.
-func (ps *PasswordSelect) IntsX(ctx context.Context) []int {
-	v, err := ps.Ints(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Int returns a single int from a selector. It is only allowed when selecting one field.
-func (ps *PasswordSelect) Int(ctx context.Context) (_ int, err error) {
-	var v []int
-	if v, err = ps.Ints(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{password.Label}
-	default:
-		err = fmt.Errorf("db: PasswordSelect.Ints returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// IntX is like Int, but panics if an error occurs.
-func (ps *PasswordSelect) IntX(ctx context.Context) int {
-	v, err := ps.Int(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64s returns list of float64s from a selector. It is only allowed when selecting one field.
-func (ps *PasswordSelect) Float64s(ctx context.Context) ([]float64, error) {
-	if len(ps.fields) > 1 {
-		return nil, errors.New("db: PasswordSelect.Float64s is not achievable when selecting more than 1 field")
-	}
-	var v []float64
-	if err := ps.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// Float64sX is like Float64s, but panics if an error occurs.
-func (ps *PasswordSelect) Float64sX(ctx context.Context) []float64 {
-	v, err := ps.Float64s(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64 returns a single float64 from a selector. It is only allowed when selecting one field.
-func (ps *PasswordSelect) Float64(ctx context.Context) (_ float64, err error) {
-	var v []float64
-	if v, err = ps.Float64s(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{password.Label}
-	default:
-		err = fmt.Errorf("db: PasswordSelect.Float64s returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// Float64X is like Float64, but panics if an error occurs.
-func (ps *PasswordSelect) Float64X(ctx context.Context) float64 {
-	v, err := ps.Float64(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bools returns list of bools from a selector. It is only allowed when selecting one field.
-func (ps *PasswordSelect) Bools(ctx context.Context) ([]bool, error) {
-	if len(ps.fields) > 1 {
-		return nil, errors.New("db: PasswordSelect.Bools is not achievable when selecting more than 1 field")
-	}
-	var v []bool
-	if err := ps.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// BoolsX is like Bools, but panics if an error occurs.
-func (ps *PasswordSelect) BoolsX(ctx context.Context) []bool {
-	v, err := ps.Bools(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bool returns a single bool from a selector. It is only allowed when selecting one field.
-func (ps *PasswordSelect) Bool(ctx context.Context) (_ bool, err error) {
-	var v []bool
-	if v, err = ps.Bools(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{password.Label}
-	default:
-		err = fmt.Errorf("db: PasswordSelect.Bools returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// BoolX is like Bool, but panics if an error occurs.
-func (ps *PasswordSelect) BoolX(ctx context.Context) bool {
-	v, err := ps.Bool(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
 func (ps *PasswordSelect) sqlScan(ctx context.Context, v interface{}) error {
 	rows := &sql.Rows{}
 	query, args := ps.sql.Query()
--- a/storage/ent/db/password_update.go
+++ b/storage/ent/db/password_update.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -186,7 +186,7 @@ func (pu *PasswordUpdate) sqlSave(ctx context.Context) (n int, err error) {
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{password.Label}
 		} else if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return 0, err
 	}
@ -268,9 +268,15 @@ func (puo *PasswordUpdateOne) Save(ctx context.Context) (*Password, error) {
 			}
 			mut = puo.hooks[i](mut)
 		}
-		if _, err := mut.Mutate(ctx, puo.mutation); err != nil {
+		v, err := mut.Mutate(ctx, puo.mutation)
+		if err != nil {
 			return nil, err
 		}
+		nv, ok := v.(*Password)
+		if !ok {
+			return nil, fmt.Errorf("unexpected node type %T returned from PasswordMutation", v)
+		}
+		node = nv
 	}
 	return node, err
 }
@ -387,7 +393,7 @@ func (puo *PasswordUpdateOne) sqlSave(ctx context.Context) (_node *Password, err
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{password.Label}
 		} else if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return nil, err
 	}
--- a/storage/ent/db/predicate/predicate.go
+++ b/storage/ent/db/predicate/predicate.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package predicate

--- a/storage/ent/db/refreshtoken.go
+++ b/storage/ent/db/refreshtoken.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -192,11 +192,11 @@ func (rt *RefreshToken) Update() *RefreshTokenUpdateOne {
 // Unwrap unwraps the RefreshToken entity that was returned from a transaction after it was closed,
 // so that all future queries will be executed through the driver which created the transaction.
 func (rt *RefreshToken) Unwrap() *RefreshToken {
-	tx, ok := rt.config.driver.(*txDriver)
+	_tx, ok := rt.config.driver.(*txDriver)
 	if !ok {
 		panic("db: RefreshToken is not a transactional entity")
 	}
-	rt.config.driver = tx.drv
+	rt.config.driver = _tx.drv
 	return rt
 }

@ -204,38 +204,52 @@ func (rt *RefreshToken) Unwrap() *RefreshToken {
 func (rt *RefreshToken) String() string {
 	var builder strings.Builder
 	builder.WriteString("RefreshToken(")
-	builder.WriteString(fmt.Sprintf("id=%v", rt.ID))
-	builder.WriteString(", client_id=")
+	builder.WriteString(fmt.Sprintf("id=%v, ", rt.ID))
+	builder.WriteString("client_id=")
 	builder.WriteString(rt.ClientID)
-	builder.WriteString(", scopes=")
+	builder.WriteString(", ")
+	builder.WriteString("scopes=")
 	builder.WriteString(fmt.Sprintf("%v", rt.Scopes))
-	builder.WriteString(", nonce=")
+	builder.WriteString(", ")
+	builder.WriteString("nonce=")
 	builder.WriteString(rt.Nonce)
-	builder.WriteString(", claims_user_id=")
+	builder.WriteString(", ")
+	builder.WriteString("claims_user_id=")
 	builder.WriteString(rt.ClaimsUserID)
-	builder.WriteString(", claims_username=")
+	builder.WriteString(", ")
+	builder.WriteString("claims_username=")
 	builder.WriteString(rt.ClaimsUsername)
-	builder.WriteString(", claims_email=")
+	builder.WriteString(", ")
+	builder.WriteString("claims_email=")
 	builder.WriteString(rt.ClaimsEmail)
-	builder.WriteString(", claims_email_verified=")
+	builder.WriteString(", ")
+	builder.WriteString("claims_email_verified=")
 	builder.WriteString(fmt.Sprintf("%v", rt.ClaimsEmailVerified))
-	builder.WriteString(", claims_groups=")
+	builder.WriteString(", ")
+	builder.WriteString("claims_groups=")
 	builder.WriteString(fmt.Sprintf("%v", rt.ClaimsGroups))
-	builder.WriteString(", claims_preferred_username=")
+	builder.WriteString(", ")
+	builder.WriteString("claims_preferred_username=")
 	builder.WriteString(rt.ClaimsPreferredUsername)
-	builder.WriteString(", connector_id=")
+	builder.WriteString(", ")
+	builder.WriteString("connector_id=")
 	builder.WriteString(rt.ConnectorID)
+	builder.WriteString(", ")
 	if v := rt.ConnectorData; v != nil {
-		builder.WriteString(", connector_data=")
+		builder.WriteString("connector_data=")
 		builder.WriteString(fmt.Sprintf("%v", *v))
 	}
-	builder.WriteString(", token=")
+	builder.WriteString(", ")
+	builder.WriteString("token=")
 	builder.WriteString(rt.Token)
-	builder.WriteString(", obsolete_token=")
+	builder.WriteString(", ")
+	builder.WriteString("obsolete_token=")
 	builder.WriteString(rt.ObsoleteToken)
-	builder.WriteString(", created_at=")
+	builder.WriteString(", ")
+	builder.WriteString("created_at=")
 	builder.WriteString(rt.CreatedAt.Format(time.ANSIC))
-	builder.WriteString(", last_used=")
+	builder.WriteString(", ")
+	builder.WriteString("last_used=")
 	builder.WriteString(rt.LastUsed.Format(time.ANSIC))
 	builder.WriteByte(')')
 	return builder.String()
--- a/storage/ent/db/refreshtoken/refreshtoken.go
+++ b/storage/ent/db/refreshtoken/refreshtoken.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package refreshtoken

--- a/storage/ent/db/refreshtoken/where.go
+++ b/storage/ent/db/refreshtoken/where.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package refreshtoken

@ -33,12 +33,6 @@ func IDNEQ(id string) predicate.RefreshToken {
 // IDIn applies the In predicate on the ID field.
 func IDIn(ids ...string) predicate.RefreshToken {
 	return predicate.RefreshToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(ids) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		v := make([]interface{}, len(ids))
 		for i := range v {
 			v[i] = ids[i]
@ -50,12 +44,6 @@ func IDIn(ids ...string) predicate.RefreshToken {
 // IDNotIn applies the NotIn predicate on the ID field.
 func IDNotIn(ids ...string) predicate.RefreshToken {
 	return predicate.RefreshToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(ids) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		v := make([]interface{}, len(ids))
 		for i := range v {
 			v[i] = ids[i]
@ -204,12 +192,6 @@ func ClientIDIn(vs ...string) predicate.RefreshToken {
 		v[i] = vs[i]
 	}
 	return predicate.RefreshToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldClientID), v...))
 	})
 }
@ -221,12 +203,6 @@ func ClientIDNotIn(vs ...string) predicate.RefreshToken {
 		v[i] = vs[i]
 	}
 	return predicate.RefreshToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldClientID), v...))
 	})
 }
@ -329,12 +305,6 @@ func NonceIn(vs ...string) predicate.RefreshToken {
 		v[i] = vs[i]
 	}
 	return predicate.RefreshToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldNonce), v...))
 	})
 }
@ -346,12 +316,6 @@ func NonceNotIn(vs ...string) predicate.RefreshToken {
 		v[i] = vs[i]
 	}
 	return predicate.RefreshToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldNonce), v...))
 	})
 }
@ -440,12 +404,6 @@ func ClaimsUserIDIn(vs ...string) predicate.RefreshToken {
 		v[i] = vs[i]
 	}
 	return predicate.RefreshToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldClaimsUserID), v...))
 	})
 }
@ -457,12 +415,6 @@ func ClaimsUserIDNotIn(vs ...string) predicate.RefreshToken {
 		v[i] = vs[i]
 	}
 	return predicate.RefreshToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldClaimsUserID), v...))
 	})
 }
@ -551,12 +503,6 @@ func ClaimsUsernameIn(vs ...string) predicate.RefreshToken {
 		v[i] = vs[i]
 	}
 	return predicate.RefreshToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldClaimsUsername), v...))
 	})
 }
@ -568,12 +514,6 @@ func ClaimsUsernameNotIn(vs ...string) predicate.RefreshToken {
 		v[i] = vs[i]
 	}
 	return predicate.RefreshToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldClaimsUsername), v...))
 	})
 }
@ -662,12 +602,6 @@ func ClaimsEmailIn(vs ...string) predicate.RefreshToken {
 		v[i] = vs[i]
 	}
 	return predicate.RefreshToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldClaimsEmail), v...))
 	})
 }
@ -679,12 +613,6 @@ func ClaimsEmailNotIn(vs ...string) predicate.RefreshToken {
 		v[i] = vs[i]
 	}
 	return predicate.RefreshToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldClaimsEmail), v...))
 	})
 }
@ -801,12 +729,6 @@ func ClaimsPreferredUsernameIn(vs ...string) predicate.RefreshToken {
 		v[i] = vs[i]
 	}
 	return predicate.RefreshToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldClaimsPreferredUsername), v...))
 	})
 }
@ -818,12 +740,6 @@ func ClaimsPreferredUsernameNotIn(vs ...string) predicate.RefreshToken {
 		v[i] = vs[i]
 	}
 	return predicate.RefreshToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldClaimsPreferredUsername), v...))
 	})
 }
@ -912,12 +828,6 @@ func ConnectorIDIn(vs ...string) predicate.RefreshToken {
 		v[i] = vs[i]
 	}
 	return predicate.RefreshToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldConnectorID), v...))
 	})
 }
@ -929,12 +839,6 @@ func ConnectorIDNotIn(vs ...string) predicate.RefreshToken {
 		v[i] = vs[i]
 	}
 	return predicate.RefreshToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldConnectorID), v...))
 	})
 }
@ -1023,12 +927,6 @@ func ConnectorDataIn(vs ...[]byte) predicate.RefreshToken {
 		v[i] = vs[i]
 	}
 	return predicate.RefreshToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldConnectorData), v...))
 	})
 }
@ -1040,12 +938,6 @@ func ConnectorDataNotIn(vs ...[]byte) predicate.RefreshToken {
 		v[i] = vs[i]
 	}
 	return predicate.RefreshToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldConnectorData), v...))
 	})
 }
@ -1113,12 +1005,6 @@ func TokenIn(vs ...string) predicate.RefreshToken {
 		v[i] = vs[i]
 	}
 	return predicate.RefreshToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldToken), v...))
 	})
 }
@ -1130,12 +1016,6 @@ func TokenNotIn(vs ...string) predicate.RefreshToken {
 		v[i] = vs[i]
 	}
 	return predicate.RefreshToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldToken), v...))
 	})
 }
@ -1224,12 +1104,6 @@ func ObsoleteTokenIn(vs ...string) predicate.RefreshToken {
 		v[i] = vs[i]
 	}
 	return predicate.RefreshToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldObsoleteToken), v...))
 	})
 }
@ -1241,12 +1115,6 @@ func ObsoleteTokenNotIn(vs ...string) predicate.RefreshToken {
 		v[i] = vs[i]
 	}
 	return predicate.RefreshToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldObsoleteToken), v...))
 	})
 }
@ -1335,12 +1203,6 @@ func CreatedAtIn(vs ...time.Time) predicate.RefreshToken {
 		v[i] = vs[i]
 	}
 	return predicate.RefreshToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldCreatedAt), v...))
 	})
 }
@ -1352,12 +1214,6 @@ func CreatedAtNotIn(vs ...time.Time) predicate.RefreshToken {
 		v[i] = vs[i]
 	}
 	return predicate.RefreshToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldCreatedAt), v...))
 	})
 }
@ -1411,12 +1267,6 @@ func LastUsedIn(vs ...time.Time) predicate.RefreshToken {
 		v[i] = vs[i]
 	}
 	return predicate.RefreshToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.In(s.C(FieldLastUsed), v...))
 	})
 }
@ -1428,12 +1278,6 @@ func LastUsedNotIn(vs ...time.Time) predicate.RefreshToken {
 		v[i] = vs[i]
 	}
 	return predicate.RefreshToken(func(s *sql.Selector) {
-		// if not arguments were provided, append the FALSE constants,
-		// since we can't apply "IN ()". This will make this predicate falsy.
-		if len(v) == 0 {
-			s.Where(sql.False())
-			return
-		}
 		s.Where(sql.NotIn(s.C(FieldLastUsed), v...))
 	})
 }
--- a/storage/ent/db/refreshtoken_create.go
+++ b/storage/ent/db/refreshtoken_create.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -196,9 +196,15 @@ func (rtc *RefreshTokenCreate) Save(ctx context.Context) (*RefreshToken, error)
 			}
 			mut = rtc.hooks[i](mut)
 		}
-		if _, err := mut.Mutate(ctx, rtc.mutation); err != nil {
+		v, err := mut.Mutate(ctx, rtc.mutation)
+		if err != nil {
 			return nil, err
 		}
+		nv, ok := v.(*RefreshToken)
+		if !ok {
+			return nil, fmt.Errorf("unexpected node type %T returned from RefreshTokenMutation", v)
+		}
+		node = nv
 	}
 	return node, err
 }
@ -329,7 +335,7 @@ func (rtc *RefreshTokenCreate) sqlSave(ctx context.Context) (*RefreshToken, erro
 	_node, _spec := rtc.createSpec()
 	if err := sqlgraph.CreateNode(ctx, rtc.driver, _spec); err != nil {
 		if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return nil, err
 	}
@ -514,7 +520,7 @@ func (rtcb *RefreshTokenCreateBulk) Save(ctx context.Context) ([]*RefreshToken,
 					// Invoke the actual operation on the latest mutation in the chain.
 					if err = sqlgraph.BatchCreate(ctx, rtcb.driver, spec); err != nil {
 						if sqlgraph.IsConstraintError(err) {
-							err = &ConstraintError{err.Error(), err}
+							err = &ConstraintError{msg: err.Error(), wrap: err}
 						}
 					}
 				}
--- a/storage/ent/db/refreshtoken_delete.go
+++ b/storage/ent/db/refreshtoken_delete.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -84,7 +84,11 @@ func (rtd *RefreshTokenDelete) sqlExec(ctx context.Context) (int, error) {
 			}
 		}
 	}
-	return sqlgraph.DeleteNodes(ctx, rtd.driver, _spec)
+	affected, err := sqlgraph.DeleteNodes(ctx, rtd.driver, _spec)
+	if err != nil && sqlgraph.IsConstraintError(err) {
+		err = &ConstraintError{msg: err.Error(), wrap: err}
+	}
+	return affected, err
 }

 // RefreshTokenDeleteOne is the builder for deleting a single RefreshToken entity.
--- a/storage/ent/db/refreshtoken_query.go
+++ b/storage/ent/db/refreshtoken_query.go
@ -1,10 +1,9 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

 import (
 	"context"
-	"errors"
 	"fmt"
 	"math"

@ -264,15 +263,17 @@ func (rtq *RefreshTokenQuery) Clone() *RefreshTokenQuery {
 //		Scan(ctx, &v)
 //
 func (rtq *RefreshTokenQuery) GroupBy(field string, fields ...string) *RefreshTokenGroupBy {
-	group := &RefreshTokenGroupBy{config: rtq.config}
-	group.fields = append([]string{field}, fields...)
-	group.path = func(ctx context.Context) (prev *sql.Selector, err error) {
+	grbuild := &RefreshTokenGroupBy{config: rtq.config}
+	grbuild.fields = append([]string{field}, fields...)
+	grbuild.path = func(ctx context.Context) (prev *sql.Selector, err error) {
 		if err := rtq.prepareQuery(ctx); err != nil {
 			return nil, err
 		}
 		return rtq.sqlQuery(ctx), nil
 	}
-	return group
+	grbuild.label = refreshtoken.Label
+	grbuild.flds, grbuild.scan = &grbuild.fields, grbuild.Scan
+	return grbuild
 }

 // Select allows the selection one or more fields/columns for the given query,
@ -290,7 +291,10 @@ func (rtq *RefreshTokenQuery) GroupBy(field string, fields ...string) *RefreshTo
 //
 func (rtq *RefreshTokenQuery) Select(fields ...string) *RefreshTokenSelect {
 	rtq.fields = append(rtq.fields, fields...)
-	return &RefreshTokenSelect{RefreshTokenQuery: rtq}
+	selbuild := &RefreshTokenSelect{RefreshTokenQuery: rtq}
+	selbuild.label = refreshtoken.Label
+	selbuild.flds, selbuild.scan = &rtq.fields, selbuild.Scan
+	return selbuild
 }

 func (rtq *RefreshTokenQuery) prepareQuery(ctx context.Context) error {
@ -309,23 +313,22 @@ func (rtq *RefreshTokenQuery) prepareQuery(ctx context.Context) error {
 	return nil
 }

-func (rtq *RefreshTokenQuery) sqlAll(ctx context.Context) ([]*RefreshToken, error) {
+func (rtq *RefreshTokenQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*RefreshToken, error) {
 	var (
 		nodes = []*RefreshToken{}
 		_spec = rtq.querySpec()
 	)
 	_spec.ScanValues = func(columns []string) ([]interface{}, error) {
-		node := &RefreshToken{config: rtq.config}
-		nodes = append(nodes, node)
-		return node.scanValues(columns)
+		return (*RefreshToken).scanValues(nil, columns)
 	}
 	_spec.Assign = func(columns []string, values []interface{}) error {
-		if len(nodes) == 0 {
-			return fmt.Errorf("db: Assign called without calling ScanValues")
-		}
-		node := nodes[len(nodes)-1]
+		node := &RefreshToken{config: rtq.config}
+		nodes = append(nodes, node)
 		return node.assignValues(columns, values)
 	}
+	for i := range hooks {
+		hooks[i](ctx, _spec)
+	}
 	if err := sqlgraph.QueryNodes(ctx, rtq.driver, _spec); err != nil {
 		return nil, err
 	}
@ -435,6 +438,7 @@ func (rtq *RefreshTokenQuery) sqlQuery(ctx context.Context) *sql.Selector {
 // RefreshTokenGroupBy is the group-by builder for RefreshToken entities.
 type RefreshTokenGroupBy struct {
 	config
+	selector
 	fields []string
 	fns    []AggregateFunc
 	// intermediate query (i.e. traversal path).
@ -458,209 +462,6 @@ func (rtgb *RefreshTokenGroupBy) Scan(ctx context.Context, v interface{}) error
 	return rtgb.sqlScan(ctx, v)
 }

-// ScanX is like Scan, but panics if an error occurs.
-func (rtgb *RefreshTokenGroupBy) ScanX(ctx context.Context, v interface{}) {
-	if err := rtgb.Scan(ctx, v); err != nil {
-		panic(err)
-	}
-}
-
-// Strings returns list of strings from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (rtgb *RefreshTokenGroupBy) Strings(ctx context.Context) ([]string, error) {
-	if len(rtgb.fields) > 1 {
-		return nil, errors.New("db: RefreshTokenGroupBy.Strings is not achievable when grouping more than 1 field")
-	}
-	var v []string
-	if err := rtgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// StringsX is like Strings, but panics if an error occurs.
-func (rtgb *RefreshTokenGroupBy) StringsX(ctx context.Context) []string {
-	v, err := rtgb.Strings(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// String returns a single string from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (rtgb *RefreshTokenGroupBy) String(ctx context.Context) (_ string, err error) {
-	var v []string
-	if v, err = rtgb.Strings(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{refreshtoken.Label}
-	default:
-		err = fmt.Errorf("db: RefreshTokenGroupBy.Strings returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// StringX is like String, but panics if an error occurs.
-func (rtgb *RefreshTokenGroupBy) StringX(ctx context.Context) string {
-	v, err := rtgb.String(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Ints returns list of ints from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (rtgb *RefreshTokenGroupBy) Ints(ctx context.Context) ([]int, error) {
-	if len(rtgb.fields) > 1 {
-		return nil, errors.New("db: RefreshTokenGroupBy.Ints is not achievable when grouping more than 1 field")
-	}
-	var v []int
-	if err := rtgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// IntsX is like Ints, but panics if an error occurs.
-func (rtgb *RefreshTokenGroupBy) IntsX(ctx context.Context) []int {
-	v, err := rtgb.Ints(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Int returns a single int from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (rtgb *RefreshTokenGroupBy) Int(ctx context.Context) (_ int, err error) {
-	var v []int
-	if v, err = rtgb.Ints(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{refreshtoken.Label}
-	default:
-		err = fmt.Errorf("db: RefreshTokenGroupBy.Ints returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// IntX is like Int, but panics if an error occurs.
-func (rtgb *RefreshTokenGroupBy) IntX(ctx context.Context) int {
-	v, err := rtgb.Int(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64s returns list of float64s from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (rtgb *RefreshTokenGroupBy) Float64s(ctx context.Context) ([]float64, error) {
-	if len(rtgb.fields) > 1 {
-		return nil, errors.New("db: RefreshTokenGroupBy.Float64s is not achievable when grouping more than 1 field")
-	}
-	var v []float64
-	if err := rtgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// Float64sX is like Float64s, but panics if an error occurs.
-func (rtgb *RefreshTokenGroupBy) Float64sX(ctx context.Context) []float64 {
-	v, err := rtgb.Float64s(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64 returns a single float64 from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (rtgb *RefreshTokenGroupBy) Float64(ctx context.Context) (_ float64, err error) {
-	var v []float64
-	if v, err = rtgb.Float64s(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{refreshtoken.Label}
-	default:
-		err = fmt.Errorf("db: RefreshTokenGroupBy.Float64s returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// Float64X is like Float64, but panics if an error occurs.
-func (rtgb *RefreshTokenGroupBy) Float64X(ctx context.Context) float64 {
-	v, err := rtgb.Float64(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bools returns list of bools from group-by.
-// It is only allowed when executing a group-by query with one field.
-func (rtgb *RefreshTokenGroupBy) Bools(ctx context.Context) ([]bool, error) {
-	if len(rtgb.fields) > 1 {
-		return nil, errors.New("db: RefreshTokenGroupBy.Bools is not achievable when grouping more than 1 field")
-	}
-	var v []bool
-	if err := rtgb.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// BoolsX is like Bools, but panics if an error occurs.
-func (rtgb *RefreshTokenGroupBy) BoolsX(ctx context.Context) []bool {
-	v, err := rtgb.Bools(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bool returns a single bool from a group-by query.
-// It is only allowed when executing a group-by query with one field.
-func (rtgb *RefreshTokenGroupBy) Bool(ctx context.Context) (_ bool, err error) {
-	var v []bool
-	if v, err = rtgb.Bools(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{refreshtoken.Label}
-	default:
-		err = fmt.Errorf("db: RefreshTokenGroupBy.Bools returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// BoolX is like Bool, but panics if an error occurs.
-func (rtgb *RefreshTokenGroupBy) BoolX(ctx context.Context) bool {
-	v, err := rtgb.Bool(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
 func (rtgb *RefreshTokenGroupBy) sqlScan(ctx context.Context, v interface{}) error {
 	for _, f := range rtgb.fields {
 		if !refreshtoken.ValidColumn(f) {
@ -702,6 +503,7 @@ func (rtgb *RefreshTokenGroupBy) sqlQuery() *sql.Selector {
 // RefreshTokenSelect is the builder for selecting fields of RefreshToken entities.
 type RefreshTokenSelect struct {
 	*RefreshTokenQuery
+	selector
 	// intermediate query (i.e. traversal path).
 	sql *sql.Selector
 }
@ -715,201 +517,6 @@ func (rts *RefreshTokenSelect) Scan(ctx context.Context, v interface{}) error {
 	return rts.sqlScan(ctx, v)
 }

-// ScanX is like Scan, but panics if an error occurs.
-func (rts *RefreshTokenSelect) ScanX(ctx context.Context, v interface{}) {
-	if err := rts.Scan(ctx, v); err != nil {
-		panic(err)
-	}
-}
-
-// Strings returns list of strings from a selector. It is only allowed when selecting one field.
-func (rts *RefreshTokenSelect) Strings(ctx context.Context) ([]string, error) {
-	if len(rts.fields) > 1 {
-		return nil, errors.New("db: RefreshTokenSelect.Strings is not achievable when selecting more than 1 field")
-	}
-	var v []string
-	if err := rts.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// StringsX is like Strings, but panics if an error occurs.
-func (rts *RefreshTokenSelect) StringsX(ctx context.Context) []string {
-	v, err := rts.Strings(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// String returns a single string from a selector. It is only allowed when selecting one field.
-func (rts *RefreshTokenSelect) String(ctx context.Context) (_ string, err error) {
-	var v []string
-	if v, err = rts.Strings(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{refreshtoken.Label}
-	default:
-		err = fmt.Errorf("db: RefreshTokenSelect.Strings returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// StringX is like String, but panics if an error occurs.
-func (rts *RefreshTokenSelect) StringX(ctx context.Context) string {
-	v, err := rts.String(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Ints returns list of ints from a selector. It is only allowed when selecting one field.
-func (rts *RefreshTokenSelect) Ints(ctx context.Context) ([]int, error) {
-	if len(rts.fields) > 1 {
-		return nil, errors.New("db: RefreshTokenSelect.Ints is not achievable when selecting more than 1 field")
-	}
-	var v []int
-	if err := rts.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// IntsX is like Ints, but panics if an error occurs.
-func (rts *RefreshTokenSelect) IntsX(ctx context.Context) []int {
-	v, err := rts.Ints(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Int returns a single int from a selector. It is only allowed when selecting one field.
-func (rts *RefreshTokenSelect) Int(ctx context.Context) (_ int, err error) {
-	var v []int
-	if v, err = rts.Ints(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{refreshtoken.Label}
-	default:
-		err = fmt.Errorf("db: RefreshTokenSelect.Ints returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// IntX is like Int, but panics if an error occurs.
-func (rts *RefreshTokenSelect) IntX(ctx context.Context) int {
-	v, err := rts.Int(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64s returns list of float64s from a selector. It is only allowed when selecting one field.
-func (rts *RefreshTokenSelect) Float64s(ctx context.Context) ([]float64, error) {
-	if len(rts.fields) > 1 {
-		return nil, errors.New("db: RefreshTokenSelect.Float64s is not achievable when selecting more than 1 field")
-	}
-	var v []float64
-	if err := rts.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// Float64sX is like Float64s, but panics if an error occurs.
-func (rts *RefreshTokenSelect) Float64sX(ctx context.Context) []float64 {
-	v, err := rts.Float64s(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Float64 returns a single float64 from a selector. It is only allowed when selecting one field.
-func (rts *RefreshTokenSelect) Float64(ctx context.Context) (_ float64, err error) {
-	var v []float64
-	if v, err = rts.Float64s(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{refreshtoken.Label}
-	default:
-		err = fmt.Errorf("db: RefreshTokenSelect.Float64s returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// Float64X is like Float64, but panics if an error occurs.
-func (rts *RefreshTokenSelect) Float64X(ctx context.Context) float64 {
-	v, err := rts.Float64(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bools returns list of bools from a selector. It is only allowed when selecting one field.
-func (rts *RefreshTokenSelect) Bools(ctx context.Context) ([]bool, error) {
-	if len(rts.fields) > 1 {
-		return nil, errors.New("db: RefreshTokenSelect.Bools is not achievable when selecting more than 1 field")
-	}
-	var v []bool
-	if err := rts.Scan(ctx, &v); err != nil {
-		return nil, err
-	}
-	return v, nil
-}
-
-// BoolsX is like Bools, but panics if an error occurs.
-func (rts *RefreshTokenSelect) BoolsX(ctx context.Context) []bool {
-	v, err := rts.Bools(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// Bool returns a single bool from a selector. It is only allowed when selecting one field.
-func (rts *RefreshTokenSelect) Bool(ctx context.Context) (_ bool, err error) {
-	var v []bool
-	if v, err = rts.Bools(ctx); err != nil {
-		return
-	}
-	switch len(v) {
-	case 1:
-		return v[0], nil
-	case 0:
-		err = &NotFoundError{refreshtoken.Label}
-	default:
-		err = fmt.Errorf("db: RefreshTokenSelect.Bools returned %d results when one was expected", len(v))
-	}
-	return
-}
-
-// BoolX is like Bool, but panics if an error occurs.
-func (rts *RefreshTokenSelect) BoolX(ctx context.Context) bool {
-	v, err := rts.Bool(ctx)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
 func (rts *RefreshTokenSelect) sqlScan(ctx context.Context, v interface{}) error {
 	rows := &sql.Rows{}
 	query, args := rts.sql.Query()
--- a/storage/ent/db/refreshtoken_update.go
+++ b/storage/ent/db/refreshtoken_update.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

@ -421,7 +421,7 @@ func (rtu *RefreshTokenUpdate) sqlSave(ctx context.Context) (n int, err error) {
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{refreshtoken.Label}
 		} else if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return 0, err
 	}
@ -627,9 +627,15 @@ func (rtuo *RefreshTokenUpdateOne) Save(ctx context.Context) (*RefreshToken, err
 			}
 			mut = rtuo.hooks[i](mut)
 		}
-		if _, err := mut.Mutate(ctx, rtuo.mutation); err != nil {
+		v, err := mut.Mutate(ctx, rtuo.mutation)
+		if err != nil {
 			return nil, err
 		}
+		nv, ok := v.(*RefreshToken)
+		if !ok {
+			return nil, fmt.Errorf("unexpected node type %T returned from RefreshTokenMutation", v)
+		}
+		node = nv
 	}
 	return node, err
 }
@ -856,7 +862,7 @@ func (rtuo *RefreshTokenUpdateOne) sqlSave(ctx context.Context) (_node *RefreshT
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{refreshtoken.Label}
 		} else if sqlgraph.IsConstraintError(err) {
-			err = &ConstraintError{err.Error(), err}
+			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return nil, err
 	}
--- a/storage/ent/db/runtime.go
+++ b/storage/ent/db/runtime.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

--- a/storage/ent/db/runtime/runtime.go
+++ b/storage/ent/db/runtime/runtime.go
@ -1,10 +1,10 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package runtime

 // The schema-stitching logic is generated in github.com/dexidp/dex/storage/ent/db/runtime.go

 const (
-	Version = "v0.10.1"                                         // Version of ent codegen.
-	Sum     = "h1:dM5h4Zk6yHGIgw4dCqVzGw3nWgpGYJiV4/kyHEF6PFo=" // Sum of ent codegen.
+	Version = "v0.11.2"                                         // Version of ent codegen.
+	Sum     = "h1:UM2/BUhF2FfsxPHRxLjQbhqJNaDdVlOwNIAMLs2jyto=" // Sum of ent codegen.
 )
--- a/storage/ent/db/tx.go
+++ b/storage/ent/db/tx.go
@ -1,4 +1,4 @@
-// Code generated by entc, DO NOT EDIT.
+// Code generated by ent, DO NOT EDIT.

 package db

--- a/storage/ent/mysql.go
+++ b/storage/ent/mysql.go
@ -13,7 +13,6 @@ import (
 	"time"

 	entSQL "entgo.io/ent/dialect/sql"
-	"entgo.io/ent/dialect/sql/schema"
 	"github.com/go-sql-driver/mysql" // Register mysql driver.

 	"github.com/dexidp/dex/pkg/log"
@ -54,7 +53,7 @@ func (m *MySQL) Open(logger log.Logger) (storage.Storage, error) {
 		client.WithTxIsolationLevel(sql.LevelSerializable),
 	)

-	if err := databaseClient.Schema().Create(context.TODO(), schema.WithAtlas(false)); err != nil {
+	if err := databaseClient.Schema().Create(context.TODO()); err != nil {
 		return nil, err
 	}

--- a/storage/ent/postgres.go
+++ b/storage/ent/postgres.go
@ -12,7 +12,6 @@ import (
 	"time"

 	entSQL "entgo.io/ent/dialect/sql"
-	"entgo.io/ent/dialect/sql/schema"
 	_ "github.com/lib/pq" // Register postgres driver.

 	"github.com/dexidp/dex/pkg/log"
@ -55,7 +54,7 @@ func (p *Postgres) Open(logger log.Logger) (storage.Storage, error) {
 		client.WithTxIsolationLevel(sql.LevelSerializable),
 	)

-	if err := databaseClient.Schema().Create(context.TODO(), schema.WithAtlas(false)); err != nil {
+	if err := databaseClient.Schema().Create(context.TODO()); err != nil {
 		return nil, err
 	}

--- a/storage/ent/sqlite.go
+++ b/storage/ent/sqlite.go
@ -6,7 +6,6 @@ import (
 	"strings"

 	"entgo.io/ent/dialect/sql"
-	"entgo.io/ent/dialect/sql/schema"
 	_ "github.com/mattn/go-sqlite3" // Register sqlite driver.

 	"github.com/dexidp/dex/pkg/log"
@ -42,7 +41,7 @@ func (s *SQLite3) Open(logger log.Logger) (storage.Storage, error) {
 		client.WithHasher(sha256.New),
 	)

-	if err := databaseClient.Schema().Create(context.TODO(), schema.WithAtlas(false)); err != nil {
+	if err := databaseClient.Schema().Create(context.TODO()); err != nil {
 		return nil, err
 	}