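-- PostgreSQL schema: '#' is not a comment marker in PostgreSQL (it is the
-- MySQL form), so the original '#' remarks made this script fail to load
-- under psql. All remarks use the SQL-standard '--' marker instead; the
-- table and column definitions are unchanged.

-- Log table to hold all OAuth request when you enabled logging
--
-- olg_received / olg_sent / olg_base_string presumably hold the raw
-- request, the raw response and the signature base string, i.e. consumer
-- keys and token values in clear (TODO confirm against the writer code).
-- Treat rows as credential material: keep logging disabled outside
-- debugging, restrict read access to this table and purge it by
-- olg_timestamp on a schedule.
CREATE TABLE oauth_log (
    olg_id                serial PRIMARY KEY,
    olg_osr_consumer_key  varchar(64),      -- same shape as oauth_server_registry.osr_consumer_key
    olg_ost_token         varchar(64),      -- same shape as oauth_server_token.ost_token
    olg_ocr_consumer_key  varchar(64),      -- same shape as oauth_consumer_registry.ocr_consumer_key
    olg_oct_token         varchar(64),      -- same shape as oauth_consumer_token.oct_token
    olg_usa_id_ref        text,             -- user reference, NULL when no user is known
    olg_received          text NOT NULL,
    olg_sent              text NOT NULL,
    olg_base_string       text NOT NULL,
    olg_notes             text NOT NULL,
    olg_timestamp         timestamp NOT NULL DEFAULT current_timestamp,
    olg_remote_ip         inet NOT NULL     -- address of the peer, as seen by the server
);
COMMENT ON TABLE oauth_log IS 'Log table to hold all OAuth request when you enabled logging';

-- /////////////////// CONSUMER SIDE ///////////////////
--
-- This is a registry of all consumer codes we got from other servers
-- The consumer_key/secret is obtained from the server
-- We also register the server uri, so that we can find the consumer key and secret
-- for a certain server. From that server we can check if we have a token for a
-- particular user.
--
-- ocr_consumer_secret is stored in clear: it is used to sign requests
-- (see ocr_signature_methods), so it cannot be stored hashed. Database
-- read access to this table is therefore equivalent to holding the
-- credential; scope grants accordingly.
-- ocr_usa_id_ref is nullable and NULLs never collide in a UNIQUE
-- constraint, so several rows with the same key/server and a NULL user
-- can coexist; the application must decide whether that is intended.
CREATE TABLE oauth_consumer_registry (
    ocr_id                 serial PRIMARY KEY,
    ocr_usa_id_ref         text,
    ocr_consumer_key       varchar(128) NOT NULL,
    ocr_consumer_secret    varchar(128) NOT NULL,
    ocr_signature_methods  varchar(255) NOT NULL DEFAULT 'HMAC-SHA1,PLAINTEXT',  -- comma-separated list
    ocr_server_uri         varchar(255) NOT NULL,
    ocr_server_uri_host    varchar(128) NOT NULL,
    ocr_server_uri_path    varchar(128) NOT NULL,
    ocr_request_token_uri  varchar(255) NOT NULL,
    ocr_authorize_uri      varchar(255) NOT NULL,
    ocr_access_token_uri   varchar(255) NOT NULL,
    ocr_timestamp          timestamp NOT NULL DEFAULT current_timestamp,
    UNIQUE (ocr_consumer_key, ocr_usa_id_ref, ocr_server_uri)
);
COMMENT ON TABLE oauth_consumer_registry IS 'This is a registry of all consumer codes we got from other servers';

-- Table used to sign requests for sending to a server by the consumer
-- The key is defined for a particular user. Only one single named
-- key is allowed per user/server combination
--
-- Lifecycle of a consumer-side token, as encoded by the enum.
CREATE TYPE consumer_token_type AS ENUM (
    'request',
    'authorized',
    'access'
);

-- oct_token_secret is stored in clear for the same reason as the
-- consumer secret above. oct_token_type is nullable and part of the
-- second UNIQUE constraint, so rows with a NULL type are not deduplicated
-- by it. oct_token_ttl defaults to 9999-12-31, presumably a
-- "never expires" sentinel — TODO confirm the application compares
-- against it rather than treating it as a real expiry.
CREATE TABLE oauth_consumer_token (
    oct_id            serial PRIMARY KEY,
    oct_ocr_id_ref    integer NOT NULL,
    oct_usa_id_ref    text NOT NULL,
    oct_name          varchar(64) NOT NULL DEFAULT '',
    oct_token         varchar(64) NOT NULL,
    oct_token_secret  varchar(64) NOT NULL,
    oct_token_type    consumer_token_type,
    oct_token_ttl     timestamp NOT NULL DEFAULT timestamp '9999-12-31',
    oct_timestamp     timestamp NOT NULL DEFAULT current_timestamp,
    UNIQUE (oct_ocr_id_ref, oct_token),
    UNIQUE (oct_usa_id_ref, oct_ocr_id_ref, oct_token_type, oct_name),
    -- removing a server registration also removes every token obtained from it
    FOREIGN KEY (oct_ocr_id_ref) REFERENCES oauth_consumer_registry (ocr_id)
        ON UPDATE CASCADE ON DELETE CASCADE
);
COMMENT ON TABLE oauth_consumer_token IS 'Table used to sign requests for sending to a server by the consumer';

-- ////////////////// SERVER SIDE /////////////////
--
-- Table holding consumer key/secret combos an user issued to consumers.
-- Used for verification of incoming requests.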
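-- '#' is not a comment marker in PostgreSQL; the remarks in this section
-- use '--' so the script loads under psql. Definitions are unchanged.
--
-- Registered consumers (server side). osr_consumer_secret is stored in
-- clear because it is needed to verify HMAC-SHA1 / PLAINTEXT signatures,
-- so read access to this table equals possession of every consumer's
-- credential. osr_enabled is the kill switch for a single consumer; the
-- value set of osr_status is not defined by this schema (TODO document
-- the allowed values or add a CHECK constraint). osr_callback_uri is the
-- callback registered up front; whether per-token callbacks are checked
-- against it is decided by the application, not here.
CREATE TABLE oauth_server_registry (
    osr_id                      serial PRIMARY KEY,
    osr_usa_id_ref              text,                    -- user who issued the key, NULL if none
    osr_consumer_key            varchar(64) NOT NULL,
    osr_consumer_secret         varchar(64) NOT NULL,
    osr_enabled                 boolean NOT NULL DEFAULT true,
    osr_status                  varchar(16) NOT NULL,
    osr_requester_name          varchar(64) NOT NULL,
    osr_requester_email         varchar(64) NOT NULL,
    osr_callback_uri            varchar(255) NOT NULL,
    osr_application_uri         varchar(255) NOT NULL,
    osr_application_title       varchar(80) NOT NULL,
    osr_application_descr       text NOT NULL,
    osr_application_notes       text NOT NULL,
    osr_application_type        varchar(20) NOT NULL,
    osr_application_commercial  boolean NOT NULL DEFAULT false,
    osr_issue_date              timestamp NOT NULL,      -- no default: set explicitly on issue
    osr_timestamp               timestamp NOT NULL DEFAULT current_timestamp,
    UNIQUE (osr_consumer_key)
);
COMMENT ON TABLE oauth_server_registry IS 'Table holding consumer key/secret combos an user issued to consumers';

-- Nonce used by a certain consumer, every used nonce should be unique, this prevents
-- replaying attacks. We need to store all timestamp/nonce combinations for the
-- maximum timestamp received.
--
-- Replay rejection depends entirely on the UNIQUE constraint below: a
-- replayed (consumer_key, token, timestamp, nonce) insert must raise a
-- unique_violation and the verifying code must treat that as a failed
-- request. Do not drop or relax this constraint. osn_timestamp is a
-- bigint, presumably the OAuth oauth_timestamp value in seconds — TODO
-- confirm. NOTE(review): there is no index on osn_timestamp alone, so a
-- periodic purge of old nonces will scan the table; consider adding one
-- if the table grows large.
CREATE TABLE oauth_server_nonce (
    osn_id            serial PRIMARY KEY,
    osn_consumer_key  varchar(64) NOT NULL,
    osn_token         varchar(64) NOT NULL,
    osn_timestamp     bigint NOT NULL,
    osn_nonce         varchar(80) NOT NULL,
    UNIQUE (osn_consumer_key, osn_token, osn_timestamp, osn_nonce)
);
COMMENT ON TABLE oauth_server_nonce IS 'Nonce used by a certain consumer, every used nonce should be unique, this prevents replaying attacks';

-- Table used to verify signed requests sent to a server by the consumer
-- When the verification is successful then the associated user id is returned.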
-- Server-side token states: 'request' until the user authorizes it and it
-- is exchanged, then 'access'.
CREATE TYPE server_token_type AS ENUM ('request', 'access');

-- Tokens this server issued to consumers. Each incoming signed request
-- is matched against ost_token; on success the application returns
-- ost_usa_id_ref. ost_token_secret is kept in clear because it takes
-- part in signature verification. ost_authorized starts false and is
-- only meaningful for request tokens. ost_verifier (OAuth 1.0a) and
-- ost_callback_url are nullable; the verifier's unpredictability is what
-- the application relies on, so it must be generated randomly. The
-- 9999-12-31 TTL default presumably means "no expiry" — confirm in the
-- consuming code. Constraints are written inline; PostgreSQL derives the
-- same auto-generated names as for the table-level form.
CREATE TABLE oauth_server_token (
    ost_id             serial PRIMARY KEY,
    ost_osr_id_ref     integer NOT NULL
                       REFERENCES oauth_server_registry (osr_id)
                       ON UPDATE CASCADE ON DELETE CASCADE,   -- revoking a consumer revokes its tokens
    ost_usa_id_ref     text NOT NULL,
    ost_token          varchar(64) NOT NULL UNIQUE,
    ost_token_secret   varchar(64) NOT NULL,
    ost_token_type     server_token_type,
    ost_authorized     boolean NOT NULL DEFAULT false,
    ost_referrer_host  varchar(128) NOT NULL DEFAULT '',
    ost_token_ttl      timestamp NOT NULL DEFAULT timestamp '9999-12-31',
    ost_timestamp      timestamp NOT NULL DEFAULT current_timestamp,
    ost_verifier       char(10),
    ost_callback_url   varchar(512)
);
COMMENT ON TABLE oauth_server_token IS 'Table used to verify signed requests sent to a server by the consumer';