We want to make sure clients from before the rollout can still auth. We'll revert this soon after launch, once all of the clients have been confirmed to be updated. We don't need to keep it around longer than that because this only concerned brand new users, and brand new users can be expected to have the most recent version of the app.

I'm having trouble understanding the summary

1. What is "rollout" you are referring to?
2. Why do we need clients to update if you say this affects only new clients? What do they need to update?

Do we have tasks that describe reverting this code?

What is "rollout" you are referring to?

Rollout of usingCSAT=true

Why do we need clients to update if you say this affects only new clients? What do they need to update?

I'm not sure I understand the question. Maybe start by reading the test plan. I'll try explaining again:

1. Before this diff, clients that create accounts with usingCSAT=true will not store hash in MariaDB users table, making it impossible for clients with usingCSAT=false to auth
2. We need to launch usingCSAT=true on mobile before web, for the reasons described on Linear
3. In order to allow the usingCSAT=false web clients to auth with accounts created with usingCSAT=true, we need to store the hash in the MariaDB users table

Do we have tasks that describe reverting this code?

Here you go: ENG-8698

But I'm guessing that we want old clients, who had their accounts setup with usingCSAT=false, to update to usingCSAT=true, and get their primary device registered (a mobile device). Is this correct?

Yes

That still doesn't explain why we need to wait for some users to be updated.

We don't want to force-log-out users on web and then prevent them from logging in because they don't have a primary. Some context about this in the deleted task here, and on the Comm thread I added you to yesterday

How will we know that all clients have been updated?

We won't – it's a non-goal to get to 100% updated before launching on web