mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
0a970aef8a
This moves the OpenID Connect storage from memory into the SQL storage, making it persistent and allowing it to be used with clustered deployments like the rest of Authelia.
188 lines
8.2 KiB
SQL
188 lines
8.2 KiB
SQL
CREATE TABLE IF NOT EXISTS user_opaque_identifier (
|
|
id INTEGER AUTO_INCREMENT,
|
|
service VARCHAR(20) NOT NULL,
|
|
sector_id VARCHAR(255) NOT NULL,
|
|
username VARCHAR(100) NOT NULL,
|
|
identifier CHAR(36) NOT NULL,
|
|
PRIMARY KEY (id)
|
|
);
|
|
|
|
CREATE UNIQUE INDEX user_opaque_identifier_service_sector_id_username_key ON user_opaque_identifier (service, sector_id, username);
|
|
CREATE UNIQUE INDEX user_opaque_identifier_identifier_key ON user_opaque_identifier (identifier);
|
|
|
|
CREATE TABLE IF NOT EXISTS oauth2_blacklisted_jti (
|
|
id INTEGER AUTO_INCREMENT,
|
|
signature VARCHAR(64) NOT NULL,
|
|
expires_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
|
PRIMARY KEY (id)
|
|
);
|
|
|
|
CREATE UNIQUE INDEX oauth2_blacklisted_jti_signature_key ON oauth2_blacklisted_jti (signature);
|
|
|
|
CREATE TABLE IF NOT EXISTS oauth2_consent_session (
|
|
id INTEGER AUTO_INCREMENT,
|
|
challenge_id CHAR(36) NOT NULL,
|
|
client_id VARCHAR(255) NOT NULL,
|
|
subject CHAR(36) NOT NULL,
|
|
authorized BOOLEAN NOT NULL DEFAULT FALSE,
|
|
granted BOOLEAN NOT NULL DEFAULT FALSE,
|
|
requested_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
|
responded_at TIMESTAMP NULL DEFAULT NULL,
|
|
expires_at TIMESTAMP NULL DEFAULT NULL,
|
|
form_data TEXT NOT NULL,
|
|
requested_scopes TEXT NOT NULL,
|
|
granted_scopes TEXT NOT NULL,
|
|
requested_audience TEXT NULL,
|
|
granted_audience TEXT NULL,
|
|
PRIMARY KEY (id),
|
|
CONSTRAINT oauth2_consent_subject_fkey
|
|
FOREIGN KEY (subject)
|
|
REFERENCES user_opaque_identifier(identifier) ON UPDATE RESTRICT ON DELETE RESTRICT
|
|
);
|
|
|
|
CREATE UNIQUE INDEX oauth2_consent_session_challenge_id_key ON oauth2_consent_session (challenge_id);
|
|
|
|
CREATE TABLE IF NOT EXISTS oauth2_authorization_code_session (
|
|
id INTEGER AUTO_INCREMENT,
|
|
challenge_id CHAR(36) NOT NULL,
|
|
request_id VARCHAR(40) NOT NULL,
|
|
client_id VARCHAR(255) NOT NULL,
|
|
signature VARCHAR(255) NOT NULL,
|
|
subject CHAR(36) NOT NULL,
|
|
requested_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
|
requested_scopes TEXT NOT NULL,
|
|
granted_scopes TEXT NOT NULL,
|
|
requested_audience TEXT NULL,
|
|
granted_audience TEXT NULL,
|
|
active BOOLEAN NOT NULL DEFAULT FALSE,
|
|
revoked BOOLEAN NOT NULL DEFAULT FALSE,
|
|
form_data TEXT NOT NULL,
|
|
session_data BLOB NOT NULL,
|
|
PRIMARY KEY (id),
|
|
CONSTRAINT oauth2_authorization_code_session_challenge_id_fkey
|
|
FOREIGN KEY (challenge_id)
|
|
REFERENCES oauth2_consent_session(challenge_id) ON UPDATE CASCADE ON DELETE CASCADE,
|
|
CONSTRAINT oauth2_authorization_code_session_subject_fkey
|
|
FOREIGN KEY (subject)
|
|
REFERENCES user_opaque_identifier(identifier) ON UPDATE RESTRICT ON DELETE RESTRICT
|
|
);
|
|
|
|
CREATE INDEX oauth2_authorization_code_session_request_id_idx ON oauth2_authorization_code_session (request_id);
|
|
CREATE INDEX oauth2_authorization_code_session_client_id_idx ON oauth2_authorization_code_session (client_id);
|
|
CREATE INDEX oauth2_authorization_code_session_client_id_subject_idx ON oauth2_authorization_code_session (client_id, subject);
|
|
|
|
CREATE TABLE IF NOT EXISTS oauth2_access_token_session (
|
|
id INTEGER AUTO_INCREMENT,
|
|
challenge_id CHAR(36) NOT NULL,
|
|
request_id VARCHAR(40) NOT NULL,
|
|
client_id VARCHAR(255) NOT NULL,
|
|
signature VARCHAR(255) NOT NULL,
|
|
subject CHAR(36) NOT NULL,
|
|
requested_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
|
requested_scopes TEXT NOT NULL,
|
|
granted_scopes TEXT NOT NULL,
|
|
requested_audience TEXT NULL,
|
|
granted_audience TEXT NULL,
|
|
active BOOLEAN NOT NULL DEFAULT FALSE,
|
|
revoked BOOLEAN NOT NULL DEFAULT FALSE,
|
|
form_data TEXT NOT NULL,
|
|
session_data BLOB NOT NULL,
|
|
PRIMARY KEY (id),
|
|
CONSTRAINT oauth2_access_token_session_challenge_id_fkey
|
|
FOREIGN KEY(challenge_id)
|
|
REFERENCES oauth2_consent_session(challenge_id) ON UPDATE CASCADE ON DELETE CASCADE,
|
|
CONSTRAINT oauth2_access_token_session_subject_fkey
|
|
FOREIGN KEY(subject)
|
|
REFERENCES user_opaque_identifier(identifier) ON UPDATE RESTRICT ON DELETE RESTRICT
|
|
);
|
|
|
|
CREATE INDEX oauth2_access_token_session_request_id_idx ON oauth2_access_token_session (request_id);
|
|
CREATE INDEX oauth2_access_token_session_client_id_idx ON oauth2_access_token_session (client_id);
|
|
CREATE INDEX oauth2_access_token_session_client_id_subject_idx ON oauth2_access_token_session (client_id, subject);
|
|
|
|
CREATE TABLE IF NOT EXISTS oauth2_refresh_token_session (
|
|
id INTEGER AUTO_INCREMENT,
|
|
challenge_id CHAR(36) NOT NULL,
|
|
request_id VARCHAR(40) NOT NULL,
|
|
client_id VARCHAR(255) NOT NULL,
|
|
signature VARCHAR(255) NOT NULL,
|
|
subject CHAR(36) NOT NULL,
|
|
requested_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
|
requested_scopes TEXT NOT NULL,
|
|
granted_scopes TEXT NOT NULL,
|
|
requested_audience TEXT NULL,
|
|
granted_audience TEXT NULL,
|
|
active BOOLEAN NOT NULL DEFAULT FALSE,
|
|
revoked BOOLEAN NOT NULL DEFAULT FALSE,
|
|
form_data TEXT NOT NULL,
|
|
session_data BLOB NOT NULL,
|
|
PRIMARY KEY (id),
|
|
CONSTRAINT oauth2_refresh_token_session_challenge_id_fkey
|
|
FOREIGN KEY(challenge_id)
|
|
REFERENCES oauth2_consent_session(challenge_id) ON UPDATE CASCADE ON DELETE CASCADE,
|
|
CONSTRAINT oauth2_refresh_token_session_subject_fkey
|
|
FOREIGN KEY(subject)
|
|
REFERENCES user_opaque_identifier(identifier) ON UPDATE RESTRICT ON DELETE RESTRICT
|
|
);
|
|
|
|
CREATE INDEX oauth2_refresh_token_session_request_id_idx ON oauth2_refresh_token_session (request_id);
|
|
CREATE INDEX oauth2_refresh_token_session_client_id_idx ON oauth2_refresh_token_session (client_id);
|
|
CREATE INDEX oauth2_refresh_token_session_client_id_subject_idx ON oauth2_refresh_token_session (client_id, subject);
|
|
|
|
CREATE TABLE IF NOT EXISTS oauth2_pkce_request_session (
|
|
id INTEGER AUTO_INCREMENT,
|
|
challenge_id CHAR(36) NOT NULL,
|
|
request_id VARCHAR(40) NOT NULL,
|
|
client_id VARCHAR(255) NOT NULL,
|
|
signature VARCHAR(255) NOT NULL,
|
|
subject CHAR(36) NOT NULL,
|
|
requested_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
|
requested_scopes TEXT NOT NULL,
|
|
granted_scopes TEXT NOT NULL,
|
|
requested_audience TEXT NULL,
|
|
granted_audience TEXT NULL,
|
|
active BOOLEAN NOT NULL DEFAULT FALSE,
|
|
revoked BOOLEAN NOT NULL DEFAULT FALSE,
|
|
form_data TEXT NOT NULL,
|
|
session_data BLOB NOT NULL,
|
|
PRIMARY KEY (id),
|
|
CONSTRAINT oauth2_pkce_request_session_challenge_id_fkey
|
|
FOREIGN KEY(challenge_id)
|
|
REFERENCES oauth2_consent_session(challenge_id) ON UPDATE CASCADE ON DELETE CASCADE,
|
|
CONSTRAINT oauth2_pkce_request_session_subject_fkey
|
|
FOREIGN KEY(subject)
|
|
REFERENCES user_opaque_identifier(identifier) ON UPDATE RESTRICT ON DELETE RESTRICT
|
|
);
|
|
|
|
CREATE INDEX oauth2_pkce_request_session_request_id_idx ON oauth2_pkce_request_session (request_id);
|
|
CREATE INDEX oauth2_pkce_request_session_client_id_idx ON oauth2_pkce_request_session (client_id);
|
|
CREATE INDEX oauth2_pkce_request_session_client_id_subject_idx ON oauth2_pkce_request_session (client_id, subject);
|
|
|
|
CREATE TABLE IF NOT EXISTS oauth2_openid_connect_session (
|
|
id INTEGER AUTO_INCREMENT,
|
|
challenge_id CHAR(36) NOT NULL,
|
|
request_id VARCHAR(40) NOT NULL,
|
|
client_id VARCHAR(255) NOT NULL,
|
|
signature VARCHAR(255) NOT NULL,
|
|
subject CHAR(36) NOT NULL,
|
|
requested_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
|
requested_scopes TEXT NOT NULL,
|
|
granted_scopes TEXT NOT NULL,
|
|
requested_audience TEXT NULL,
|
|
granted_audience TEXT NULL,
|
|
active BOOLEAN NOT NULL DEFAULT FALSE,
|
|
revoked BOOLEAN NOT NULL DEFAULT FALSE,
|
|
form_data TEXT NOT NULL,
|
|
session_data BLOB NOT NULL,
|
|
PRIMARY KEY (id),
|
|
CONSTRAINT oauth2_openid_connect_session_challenge_id_fkey
|
|
FOREIGN KEY(challenge_id)
|
|
REFERENCES oauth2_consent_session(challenge_id) ON UPDATE CASCADE ON DELETE CASCADE,
|
|
CONSTRAINT oauth2_openid_connect_session_subject_fkey
|
|
FOREIGN KEY(subject)
|
|
REFERENCES user_opaque_identifier(identifier) ON UPDATE RESTRICT ON DELETE RESTRICT
|
|
);
|
|
|
|
CREATE INDEX oauth2_openid_connect_session_request_id_idx ON oauth2_openid_connect_session (request_id);
|
|
CREATE INDEX oauth2_openid_connect_session_client_id_idx ON oauth2_openid_connect_session (client_id);
|
|
CREATE INDEX oauth2_openid_connect_session_client_id_subject_idx ON oauth2_openid_connect_session (client_id, subject); |