I would like to report to you something that can be a potential issue.
GetAuthorizations2 function selects authorizations that can be reused. The query to select them from the database is executed in that function and authorizations are returned from the function.
Then, this code manipulates on the returned list of authorizations. Because the query mentioned above is not in the same transaction with an insert, a lot of things can happen in the meantime, for example other authorizations can be added between a select and an insert and they should be reused but they are not.
What do you think about that behavior?