diff --git a/packages/backend/migration/1667653936442-token-permissions.js b/packages/backend/migration/1667653936442-token-permissions.js
index d6c3e0fba..df6925bee 100644
--- a/packages/backend/migration/1667653936442-token-permissions.js
+++ b/packages/backend/migration/1667653936442-token-permissions.js
@@ -6,6 +6,9 @@ export class tokenPermissions1667653936442 {
 		await queryRunner.query(`UPDATE "access_token" SET permission = (SELECT permission FROM "app" WHERE "app"."id" = "access_token"."appId") WHERE "appId" IS NOT NULL AND CARDINALITY("permission") = 0`);
 		// The permission column should now always be set explicitly, so the default is not needed any more.
 		await queryRunner.query(`ALTER TABLE "access_token" ALTER COLUMN "permission" DROP DEFAULT`);
+		// Drop all currently running authorization sessions. Already created tokens remain untouched.
+		// If you were registering an app just before upgrade started, try again later. ¯\_(ツ)_/¯
+		await queryRunner.query(`TRUNCATE TABLE "auth_session"`);
 		// Refactor scheme to allow multiple access tokens per app.
 		await queryRunner.query(`ALTER TABLE "auth_session" DROP CONSTRAINT "FK_c072b729d71697f959bde66ade0"`);
 		await queryRunner.query(`ALTER TABLE "auth_session" RENAME COLUMN "userId" TO "accessTokenId"`);
@@ -14,6 +17,10 @@ export class tokenPermissions1667653936442 {
 	}
 
 	async down(queryRunner) {
+		// Drop all currently running authorization sessions. Already created tokens remain untouched.
+		// If you were registering an app just before downgrade started, try again later. ¯\_(ツ)_/¯
+		await queryRunner.query(`TRUNCATE TABLE "auth_session"`);
+
 		await queryRunner.query(`ALTER TABLE "auth_session" DROP CONSTRAINT "FK_8e001e5a101c6dca37df1a76d66"`);
 		await queryRunner.query(`ALTER TABLE "auth_session" DROP CONSTRAINT "UQ_8e001e5a101c6dca37df1a76d66"`);
 		await queryRunner.query(`ALTER TABLE "access_token" ALTER COLUMN "permission" DROP DEFAULT`);