You've already forked authentication-service
mirror of
https://github.com/matrix-org/matrix-authentication-service.git
synced 2025-08-07 17:03:01 +03:00
92 lines
3.0 KiB
SQL
92 lines
3.0 KiB
SQL
-- Copyright 2022 The Matrix.org Foundation C.I.C.
|
|
--
|
|
-- Licensed under the Apache License, Version 2.0 (the "License");
|
|
-- you may not use this file except in compliance with the License.
|
|
-- You may obtain a copy of the License at
|
|
--
|
|
-- http://www.apache.org/licenses/LICENSE-2.0
|
|
--
|
|
-- Unless required by applicable law or agreed to in writing, software
|
|
-- distributed under the License is distributed on an "AS IS" BASIS,
|
|
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
-- See the License for the specific language governing permissions and
|
|
-- limitations under the License.
|
|
|
|
CREATE TABLE "upstream_oauth_providers" (
|
|
"upstream_oauth_provider_id" UUID NOT NULL
|
|
CONSTRAINT "upstream_oauth_providers_pkey"
|
|
PRIMARY KEY,
|
|
|
|
"issuer" TEXT NOT NULL,
|
|
|
|
"scope" TEXT NOT NULL,
|
|
|
|
"client_id" TEXT NOT NULL,
|
|
|
|
-- Used for client_secret_basic, client_secret_post and client_secret_jwt auth methods
|
|
"encrypted_client_secret" TEXT,
|
|
|
|
-- Used for client_secret_jwt and private_key_jwt auth methods
|
|
"token_endpoint_signing_alg" TEXT,
|
|
|
|
"token_endpoint_auth_method" TEXT NOT NULL,
|
|
|
|
"created_at" TIMESTAMP WITH TIME ZONE NOT NULL
|
|
);
|
|
|
|
CREATE TABLE "upstream_oauth_links" (
|
|
"upstream_oauth_link_id" UUID NOT NULL
|
|
CONSTRAINT "upstream_oauth_links_pkey"
|
|
PRIMARY KEY,
|
|
|
|
"upstream_oauth_provider_id" UUID NOT NULL
|
|
CONSTRAINT "upstream_oauth_links_provider_fkey"
|
|
REFERENCES "upstream_oauth_providers" ("upstream_oauth_provider_id"),
|
|
|
|
-- The user is initially NULL when logging in the first time.
|
|
-- It then either links to an existing account, or creates a new one from scratch.
|
|
"user_id" UUID
|
|
CONSTRAINT "upstream_oauth_link_user_fkey"
|
|
REFERENCES "users" ("user_id"),
|
|
|
|
"subject" TEXT NOT NULL,
|
|
|
|
"created_at" TIMESTAMP WITH TIME ZONE NOT NULL,
|
|
|
|
-- There should only be one entry per subject/provider tuple
|
|
CONSTRAINT "upstream_oauth_links_subject_unique"
|
|
UNIQUE ("upstream_oauth_provider_id", "subject")
|
|
);
|
|
|
|
CREATE TABLE "upstream_oauth_authorization_sessions" (
|
|
"upstream_oauth_authorization_session_id" UUID NOT NULL
|
|
CONSTRAINT "upstream_oauth_authorization_sessions_pkey"
|
|
PRIMARY KEY,
|
|
|
|
"upstream_oauth_provider_id" UUID NOT NULL
|
|
CONSTRAINT "upstream_oauth_authorization_sessions_provider_fkey"
|
|
REFERENCES "upstream_oauth_providers" ("upstream_oauth_provider_id"),
|
|
|
|
-- The link it resolves to at the end of the authorization grant
|
|
"upstream_oauth_link_id" UUID
|
|
CONSTRAINT "upstream_oauth_authorization_sessions_link_fkey"
|
|
REFERENCES "upstream_oauth_links" ("upstream_oauth_link_id"),
|
|
|
|
-- The ID token we got at the end of the authorization grant
|
|
"id_token" TEXT,
|
|
|
|
"state" TEXT NOT NULL
|
|
CONSTRAINT "upstream_oauth_authorization_sessions_state_unique"
|
|
UNIQUE,
|
|
|
|
"code_challenge_verifier" TEXT,
|
|
"nonce" TEXT NOT NULL,
|
|
|
|
"created_at" TIMESTAMP WITH TIME ZONE NOT NULL,
|
|
|
|
-- When the session turned into a link
|
|
"completed_at" TIMESTAMP WITH TIME ZONE,
|
|
-- When the session turned into a user session authentication
|
|
"consumed_at" TIMESTAMP WITH TIME ZONE
|
|
);
|