Create client authorization code table + add RLS

nicky-LV · nicky-LV · commit da9bb51ec671 · 2024-08-13T21:30:41.000+01:00
diff --git a/supabase/migrations/20240810183922_create_oauth2_tables.sql b/supabase/migrations/20240810183922_create_oauth2_tables.sql
@@ -33,16 +33,36 @@ CREATE TABLE "public"."oauth2_client_authorization_grant_types" (
 ALTER TABLE "public"."oauth2_client_authorization_grant_types" ENABLE ROW LEVEL SECURITY;
 CREATE INDEX "idx_oauth2_authorization_grant_types_client_id" ON "public"."oauth2_client_authorization_grant_types"("client_id");
 
+-- table storing the authorization codes for clients
+CREATE TABLE "public"."oauth2_client_authorization_codes" (
+    id SERIAL PRIMARY KEY,
+    client_id TEXT NOT NULL REFERENCES "public"."oauth2_clients"(client_id) ON DELETE CASCADE,
+    authorization_code TEXT NOT NULL UNIQUE,
+    code_issued_at TIMESTAMPTZ DEFAULT NOW() NOT NULL,
+    code_expires_at TIMESTAMPTZ NOT NULL,
+    redirect_uri TEXT NOT NULL,
+    scopes TEXT[] NOT NULL,
+    user_id TEXT NOT NULL,
+    used BOOLEAN DEFAULT FALSE NOT NULL, 
+    enabled BOOLEAN DEFAULT TRUE NOT NULL
+);
+ALTER TABLE "public"."oauth2_client_authorization_codes" ENABLE ROW LEVEL SECURITY;
+CREATE INDEX "idx_oauth2_authorization_codes_client_id" ON "public"."oauth2_client_authorization_codes"("client_id");
+CREATE INDEX "idx_oauth2_authorization_codes_user_id" ON "public"."oauth2_client_authorization_codes"("user_id");
+
+
 -- table storing the access tokens for clients
 CREATE TABLE "public"."oauth2_client_access_tokens" (
     id SERIAL PRIMARY KEY,
     client_id TEXT NOT NULL REFERENCES "public"."oauth2_clients"(client_id) ON DELETE CASCADE,
     access_token TEXT NOT NULL UNIQUE,
     access_token_issued_at TIMESTAMPTZ DEFAULT NOW() NOT NULL,
     access_token_expires_at TIMESTAMPTZ NOT NULL,
-    enabled boolean DEFAULT TRUE NOT NULL
+    enabled boolean DEFAULT TRUE NOT NULL,
     scopes TEXT[] NOT NULL
 );
+ALTER TABLE "public"."oauth2_client_access_tokens" ENABLE ROW LEVEL SECURITY;
+CREATE INDEX "idx_oauth2_access_tokens_client_id" ON "public"."oauth2_client_access_tokens"("client_id");
 
 -- table storing the refresh tokens for clients
 CREATE TABLE "public"."oauth2_client_refresh_tokens" (
@@ -51,6 +71,8 @@ CREATE TABLE "public"."oauth2_client_refresh_tokens" (
     refresh_token TEXT NOT NULL UNIQUE,
     refresh_token_issued_at TIMESTAMPTZ DEFAULT NOW() NOT NULL,
     refresh_token_expires_at TIMESTAMPTZ NOT NULL,
-    enabled boolean DEFAULT TRUE NOT NULL
+    enabled boolean DEFAULT TRUE NOT NULL,
     scopes TEXT[] NOT NULL
-);
+);
+ALTER TABLE "public"."oauth2_client_refresh_tokens" ENABLE ROW LEVEL SECURITY;
+CREATE INDEX "idx_oauth2_refresh_tokens_client_id" ON "public"."oauth2_client_refresh_tokens"("client_id");
