Matthieu Bessat
02e16a7e74
- generate JWT id_token in token exchange - store optional nonce in authorization object - switch to RS256 algorithm for JWT signature - add JWKs endpoint to provide OIDC clients with public keys
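-- Identity store for the OIDC provider.
--
-- NOTE: this file is a destructive reset (DROP + CREATE), not a migration;
-- running it against a live database wipes every account.
-- Dialect: SQLite (TEXT PRIMARY KEY, BLOB, CHECK + json1). Foreign keys declared
-- against this table elsewhere are only enforced when each connection runs
-- `PRAGMA foreign_keys = ON`.
DROP TABLE IF EXISTS users;

CREATE TABLE users (
    id TEXT PRIMARY KEY,
    -- Login name. COLLATE NOCASE so 'Alice' and 'alice' cannot coexist as two
    -- accounts; equality lookups follow the same rule as the UNIQUE index.
    handle TEXT NOT NULL UNIQUE COLLATE NOCASE,
    full_name TEXT,
    -- Email is the natural identity claim for OIDC clients. A case-sensitive
    -- UNIQUE would let a second account be registered as 'Foo@example.org'
    -- next to an existing 'foo@example.org', so uniqueness is case-insensitive.
    email TEXT UNIQUE COLLATE NOCASE,
    website TEXT,
    -- JSON array of role names, e.g. '["admin"]'. The CHECK rejects anything that
    -- is not a JSON array so an authorization check never has to parse garbage
    -- (needs SQLite built with json1; built in since 3.38).
    roles TEXT NOT NULL CHECK (json_valid(roles) AND json_type(roles) = 'array'),
    avatar_asset_id TEXT,
    -- Accounts start Disabled: nothing may log in until an explicit activation.
    status TEXT NOT NULL DEFAULT 'Disabled'
        CHECK (status IN ('Invited', 'Active', 'Disabled')),
    -- NULL for accounts that have never set a password (e.g. still Invited).
    -- Expected to hold a salted password hash (argon2/bcrypt/scrypt), never the
    -- clear-text password -- confirm in the code that writes it.
    password_hash TEXT,
    -- A reset token is a bearer secret equivalent to the password. Store a hash
    -- of the token rather than the token itself so a database read (backup,
    -- SQL injection) does not hand out account takeovers, and clear it once used.
    reset_password_token TEXT,
    -- Reset tokens must be short-lived; NULL means no reset is pending.
    -- Added alongside the token so the app can reject stale tokens.
    reset_password_token_expires_at DATETIME,
    last_login_at DATETIME,
    created_at DATETIME NOT NULL
);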
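-- User-uploaded binary assets (avatars and the like), stored inline as BLOBs.
DROP TABLE IF EXISTS user_assets;

CREATE TABLE user_assets (
    id TEXT PRIMARY KEY,
    -- Owning user. ON DELETE CASCADE so removing a user does not leave orphaned
    -- blobs behind (enforced only with PRAGMA foreign_keys = ON).
    user_id TEXT NOT NULL REFERENCES users (id) ON DELETE CASCADE,
    -- MIME type recorded at upload. If this value is echoed back as a
    -- Content-Type header it must be derived from an allow-list / content
    -- sniffing, not taken verbatim from the client -- confirm in the upload path.
    mime_type TEXT NOT NULL,
    -- Content digest of `content`; the hash algorithm is not recorded here, so
    -- document it where the fingerprint is computed.
    fingerprint TEXT NOT NULL,
    -- Original file name as supplied by the uploader. Untrusted: never use it as
    -- a filesystem path component.
    name TEXT,
    -- Raw bytes. No size cap is enforced at the schema level; the upload handler
    -- must bound the accepted body size.
    content BLOB NOT NULL,
    created_at DATETIME NOT NULL
);

-- Lookups are by owner (avatar for a user, cascade on delete).
CREATE INDEX user_assets_user_id_idx ON user_assets (user_id);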
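-- One row per OAuth 2.0 / OIDC authorization grant: which user consented to
-- which client, with which scopes, plus the per-request state (authorization
-- code, nonce, redirect URI) the token endpoint needs to complete the exchange.
DROP TABLE IF EXISTS authorizations;

CREATE TABLE authorizations (
    id TEXT PRIMARY KEY,
    -- Granting user. Cascade so a deleted user leaves no redeemable grants behind
    -- (enforced only with PRAGMA foreign_keys = ON).
    user_id TEXT NOT NULL REFERENCES users (id) ON DELETE CASCADE,
    client_id TEXT NOT NULL,
    scopes TEXT, -- json array of scope names granted to the client
    -- Authorization code handed to the client (RFC 6749 §4.1.2). UNIQUE so a code
    -- resolves to exactly one grant and the lookup is indexed (SQLite allows many
    -- NULLs, so redeemed codes can be cleared). As with password-reset tokens,
    -- storing a hash of the code rather than the raw value limits the damage of
    -- a database read.
    code TEXT UNIQUE,
    -- Codes must be short-lived (RFC 6749 recommends at most 10 minutes) and
    -- single-use. The token endpoint should reject a code past this instant and
    -- clear `code` once it has been exchanged. NULL until the app populates it.
    code_expires_at DATETIME,
    -- redirect_uri from the authorization request, when one was supplied; the
    -- token endpoint must check that the value sent with the code matches it
    -- (RFC 6749 §4.1.3). No column for a PKCE code_challenge exists yet; public
    -- clients will need one (RFC 7636).
    redirect_uri TEXT,
    -- OIDC nonce from the authorization request, echoed into the id_token so the
    -- client can bind the token to the session that started the flow (replay guard).
    nonce TEXT,
    last_used_at DATETIME,
    created_at DATETIME NOT NULL
);

-- Consent lookup: "has this user already authorized this client?"
CREATE INDEX authorizations_user_client_idx ON authorizations (user_id, client_id);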