github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

updated client model to match OAuth Dyn Reg and OIDC Reg

pull/306/merge
Justin Richer 2013-03-04 12:48:05 -05:00
parent 5b9422ffdf
commit 3f8d7d70e5
4 changed files with 347 additions and 669 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
openid-connect-common/src/main/java/org/mitre/jose/JWEEncryptionMethodEntity.java Normal file
View File

@ -0,0 +1,84 @@
/**
*
*/
package org.mitre.jose;
import javax.persistence.Basic;
import javax.persistence.Embeddable;
import javax.persistence.Transient;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
/**
* @author jricher
*
*/
@Embeddable
public class JWEEncryptionMethodEntity {
private EncryptionMethod algorithm;
public JWEEncryptionMethodEntity() {
}
public JWEEncryptionMethodEntity(EncryptionMethod algorithm) {
this.algorithm = algorithm;
}
public JWEEncryptionMethodEntity(String algorithmName) {
setAlgorithmName(algorithmName);
}
/**
* Get the name of this algorithm, return null if no algorithm set.
* @return
*/
@Basic
public String getAlgorithmName() {
if (algorithm != null) {
return algorithm.getName();
} else {
return null;
}
}
/**
* Set the name of this algorithm.
* Calls JWEAlgorithm.parse()
* @param algorithmName
*/
public void setAlgorithmName(String algorithmName) {
if (algorithmName != null) {
algorithm = EncryptionMethod.parse(algorithmName);
} else {
algorithm = null;
}
}
/* (non-Javadoc)
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
return "JWEEncryptionMethodEntity [algorithm=" + algorithm + "]";
}
/**
* @return the algorithm
*/
@Transient
public EncryptionMethod getAlgorithm() {
return algorithm;
}
/**
* @param algorithm the algorithm to set
*/
public void setAlgorithm(EncryptionMethod algorithm) {
this.algorithm = algorithm;
}
}

810
openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
View File

@ -44,6 +44,7 @@ import javax.persistence.Table;
import javax.persistence.Transient; import javax.persistence.Transient;
import org.mitre.jose.JWEAlgorithmEntity; import org.mitre.jose.JWEAlgorithmEntity;
import org.mitre.jose.JWEEncryptionMethodEntity;
import org.mitre.jose.JWSAlgorithmEntity; import org.mitre.jose.JWSAlgorithmEntity;
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.provider.ClientDetails; import org.springframework.security.oauth2.provider.ClientDetails;
@ -64,60 +65,60 @@ public class ClientDetailsEntity implements ClientDetails {
private Long id; private Long id;
/** Fields from the OAuth2 Dynamic Registration Specification */
private String clientId = null; // client_id
private String clientSecret = null; // client_secret
private Set<String> redirectUris = new HashSet<String>(); // redirect_uris
private String clientName; // client_name
private String clientUri; // client_uri
private String logoUri; // logo_uri
private Set<String> contacts; // contacts
private String tosUri; // tos_uri
private AuthMethod tokenEndpointAuthMethod = AuthMethod.SECRET_BASIC; // token_endpoint_auth_method
private Set<String> scope = new HashSet<String>(); // scope
private Set<String> grantTypes = new HashSet<String>(); // grant_types
private String policyUri;
private String jwksUri;
/** Fields from OIDC Client Registration Specification **/
private Set<String> responseTypes = new HashSet<String>(); // response_types
private AppType applicationType; // application_type
private String sectorIdentifierUri; // sector_identifier_uri
private SubjectType subjectType; // subject_type
private JWSAlgorithmEntity requestObjectSigningAlg; // request_object_signing_alg
private JWSAlgorithmEntity userInfoSignedResponseAlg; // user_info_signed_response_alg
private JWEAlgorithmEntity userInfoEncryptedResponseAlg; // user_info_encrypted_response_alg
private JWEEncryptionMethodEntity userInfoEncryptedResponseEnc; // user_info_encrypted_response_enc
private JWSAlgorithmEntity idTokenSignedResponseAlg; // id_token_signed_response_alg
private JWEAlgorithmEntity idTokenEncryptedResponseAlg; // id_token_encrypted_response_alg
private JWEEncryptionMethodEntity idTokenEncryptedReponseEnc; // id_token_encrypted_response_enc
private Integer defaultMaxAge; // default_max_age
private boolean requireAuthTime = false; // require_auth_time
private Set<String> defaultACRvalues; // default_acr_values
private String initiateLoginUri; // initiate_login_uri
private String postLogoutRedirectUri; // post_logout_redirect_uri
private Set<String> requestUris; // request_uris
/** Fields to support the ClientDetails interface **/
private Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
private Integer accessTokenValiditySeconds = 0; // in seconds
private Integer refreshTokenValiditySeconds = 0; // in seconds
private Set<String> resourceIds = new HashSet<String>();
private Map<String, Object> additionalInformation = new HashMap<String, Object>();
/** Our own fields **/ /** Our own fields **/
private String clientDescription = ""; // human-readable description private String clientDescription = ""; // human-readable description
private boolean allowMultipleAccessTokens = false; // do we allow multiple access tokens, or not?
private boolean reuseRefreshToken = true; // do we let someone reuse a refresh token? private boolean reuseRefreshToken = true; // do we let someone reuse a refresh token?
private boolean dynamicallyRegistered = false; // was this client dynamically registered? private boolean dynamicallyRegistered = false; // was this client dynamically registered?
private boolean allowIntrospection = false; // do we let this client call the introspection endpoint? private boolean allowIntrospection = false; // do we let this client call the introspection endpoint?
private Integer idTokenValiditySeconds; //timeout for id tokens private Integer idTokenValiditySeconds; //timeout for id tokens
/** Fields from ClientDetails interface **/
private String clientId = null;
private String clientSecret = null;
private Set<String> scope = new HashSet<String>();
private Set<String> authorizedGrantTypes = new HashSet<String>();
private Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
private Integer accessTokenValiditySeconds = 0; // in seconds
private Integer refreshTokenValiditySeconds = 0; // in seconds
private Set<String> registeredRedirectUri = new HashSet<String>();
private Set<String> resourceIds = new HashSet<String>();
private Map<String, Object> additionalInformation = new HashMap<String, Object>();
/** Fields from Client Registration Specification **/
private AppType applicationType;
private String clientName;
private AuthMethod tokenEndpointAuthMethod = AuthMethod.SECRET_BASIC;
private SubjectType subjectType;
private Set<String> contacts;
private String logoUrl;
private String policyUrl;
private String clientUrl;
private String tosUrl;
private String jwkUrl;
private String jwkEncryptionUrl;
private String x509Url;
private String x509EncryptionUrl;
private String sectorIdentifierUrl;
private JWSAlgorithmEntity requireSignedRequestObject;
private JWSAlgorithmEntity userInfoSignedResponseAlg;
private JWEAlgorithmEntity userInfoEncryptedResponseAlg;
private JWEAlgorithmEntity userInfoEncryptedResponseEnc;
private JWEAlgorithmEntity userInfoEncryptedResponseInt;
private JWSAlgorithmEntity idTokenSignedResponseAlg;
private JWEAlgorithmEntity idTokenEncryptedResponseAlg;
private JWEAlgorithmEntity idTokenEncryptedReponseEnc;
private JWEAlgorithmEntity idTokenEncryptedResponseInt;
private Integer defaultMaxAge;
private boolean requireAuthTime = false;
private String defaultACR;
public enum AuthMethod { public enum AuthMethod {
SECRET_POST("client_secret_post"), SECRET_POST("client_secret_post"),
@ -249,16 +250,6 @@ public class ClientDetailsEntity implements ClientDetails {
return getAuthorizedGrantTypes().contains("refresh_token"); return getAuthorizedGrantTypes().contains("refresh_token");
} }
@Basic
@Column(name="allow_multiple_access_tokens")
public boolean isAllowMultipleAccessTokens() {
return allowMultipleAccessTokens;
}
public void setAllowMultipleAccessTokens(boolean allowMultipleAccessTokens) {
this.allowMultipleAccessTokens = allowMultipleAccessTokens;
}
@Basic @Basic
@Column(name="reuse_refresh_tokens") @Column(name="reuse_refresh_tokens")
public boolean isReuseRefreshToken() { public boolean isReuseRefreshToken() {
@ -322,7 +313,7 @@ public class ClientDetailsEntity implements ClientDetails {
} }
/** /**
* If the clientSecret is not null, then it is always required. * If the auth method is
*/ */
@Override @Override
@Transient @Transient
@ -382,6 +373,7 @@ public class ClientDetailsEntity implements ClientDetails {
joinColumns=@JoinColumn(name="owner_id") joinColumns=@JoinColumn(name="owner_id")
) )
@Override @Override
@Column(name="scope")
public Set<String> getScope() { public Set<String> getScope() {
return scope; return scope;
} }
@ -398,20 +390,26 @@ public class ClientDetailsEntity implements ClientDetails {
*/ */
@ElementCollection(fetch = FetchType.EAGER) @ElementCollection(fetch = FetchType.EAGER)
@CollectionTable( @CollectionTable(
name="authorized_grant_type", name="client_grant_type",
joinColumns=@JoinColumn(name="owner_id") joinColumns=@JoinColumn(name="owner_id")
) )
@Override @Column(name="grant_type")
@Column(name="authorized_grant_type") public Set<String> getGrantTypes() {
public Set<String> getAuthorizedGrantTypes() { return grantTypes;
return authorizedGrantTypes;
} }
/** /**
* @param authorizedGrantTypes the OAuth2 grant types that this client is allowed to use * @param authorizedGrantTypes the OAuth2 grant types that this client is allowed to use
*/ */
public void setAuthorizedGrantTypes(Set<String> authorizedGrantTypes) { public void setGrantTypes(Set<String> grantTypes) {
this.authorizedGrantTypes = authorizedGrantTypes; this.grantTypes = grantTypes;
}
/**
* passthrough for SECOAUTH api
*/
public Set<String> getAuthorizedGrantTypes() {
return getGrantTypes();
} }
/** /**
@ -419,7 +417,7 @@ public class ClientDetailsEntity implements ClientDetails {
*/ */
@ElementCollection(fetch = FetchType.EAGER) @ElementCollection(fetch = FetchType.EAGER)
@CollectionTable( @CollectionTable(
name="authority", name="client_authority",
joinColumns=@JoinColumn(name="owner_id") joinColumns=@JoinColumn(name="owner_id")
) )
@Override @Override
@ -468,19 +466,28 @@ public class ClientDetailsEntity implements ClientDetails {
*/ */
@ElementCollection(fetch = FetchType.EAGER) @ElementCollection(fetch = FetchType.EAGER)
@CollectionTable( @CollectionTable(
name="redirect_uri", name="client_redirect_uri",
joinColumns=@JoinColumn(name="owner_id") joinColumns=@JoinColumn(name="owner_id")
) )
@Column(name="redirect_uri") @Column(name="redirect_uri")
public Set<String> getRegisteredRedirectUri() { public Set<String> getRedirectUris() {
return registeredRedirectUri; return redirectUris;
} }
/** /**
* @param registeredRedirectUri the registeredRedirectUri to set * @param registeredRedirectUri the registeredRedirectUri to set
*/ */
public void setRegisteredRedirectUri(Set<String> registeredRedirectUri) { public void setRedirectUris(Set<String> redirectUris) {
this.registeredRedirectUri = registeredRedirectUri; this.redirectUris = redirectUris;
}
/**
* Pass-through method to fulfill the ClientDetails interface with a bad name
*/
@Override
@Transient
public Set<String> getRegisteredRedirectUri() {
return getRedirectUris();
} }
/** /**
@ -488,7 +495,7 @@ public class ClientDetailsEntity implements ClientDetails {
*/ */
@ElementCollection(fetch = FetchType.EAGER) @ElementCollection(fetch = FetchType.EAGER)
@CollectionTable( @CollectionTable(
name="resource_id", name="client_resource",
joinColumns=@JoinColumn(name="owner_id") joinColumns=@JoinColumn(name="owner_id")
) )
@Column(name="resource_id") @Column(name="resource_id")
@ -508,6 +515,8 @@ public class ClientDetailsEntity implements ClientDetails {
* This library does not make use of this field, so it is not * This library does not make use of this field, so it is not
* stored using our persistence layer. * stored using our persistence layer.
* *
* However, it's somehow required by SECOUATH.
*
* @return an empty map * @return an empty map
*/ */
@Override @Override
@ -561,7 +570,7 @@ public class ClientDetailsEntity implements ClientDetails {
@ElementCollection(fetch = FetchType.EAGER) @ElementCollection(fetch = FetchType.EAGER)
@CollectionTable( @CollectionTable(
name="contact", name="client_contact",
joinColumns=@JoinColumn(name="owner_id") joinColumns=@JoinColumn(name="owner_id")
) )
@Column(name="contact") @Column(name="contact")
@ -574,117 +583,87 @@ public class ClientDetailsEntity implements ClientDetails {
} }
@Basic @Basic
@Column(name="logo_url") @Column(name="logo_uri")
public String getLogoUrl() { public String getLogoUri() {
return logoUrl; return logoUri;
} }
public void setLogoUrl(String logoUrl) { public void setLogoUri(String logoUri) {
this.logoUrl = logoUrl; this.logoUri = logoUri;
} }
@Basic @Basic
@Column(name="policy_url") @Column(name="policy_uri")
public String getPolicyUrl() { public String getPolicyUri() {
return policyUrl; return policyUri;
} }
public void setPolicyUrl(String policyUrl) { public void setPolicyUri(String policyUri) {
this.policyUrl = policyUrl; this.policyUri = policyUri;
} }
/** /**
* @return the clientUrl * @return the clientUrl
*/ */
@Basic @Basic
@Column(name="client_url") @Column(name="client_uri")
public String getClientUrl() { public String getClientUri() {
return clientUrl; return clientUri;
} }
/** /**
* @param clientUrl the clientUrl to set * @param clientUrl the clientUrl to set
*/ */
public void setClientUrl(String clientUrl) { public void setClientUri(String clientUri) {
this.clientUrl = clientUrl; this.clientUri = clientUri;
} }
/** /**
* @return the tosUrl * @return the tosUrl
*/ */
@Basic @Basic
@Column(name="tos_url") @Column(name="tos_uri")
public String getTosUrl() { public String getTosUri() {
return tosUrl; return tosUri;
} }
/** /**
* @param tosUrl the tosUrl to set * @param tosUrl the tosUrl to set
*/ */
public void setTosUrl(String tosUrl) { public void setTosUri(String tosUri) {
this.tosUrl = tosUrl; this.tosUri = tosUri;
} }
@Basic @Basic
@Column(name="jwk_url") @Column(name="jwks_uri")
public String getJwkUrl() { public String getJwksUri() {
return jwkUrl; return jwksUri;
} }
public void setJwkUrl(String jwkUrl) { public void setJwksUri(String jwksUri) {
this.jwkUrl = jwkUrl; this.jwksUri = jwksUri;
} }
@Basic @Basic
@Column(name="jwk_encryption_url") @Column(name="sector_identifier_uri")
public String getJwkEncryptionUrl() { public String getSectorIdentifierUri() {
return jwkEncryptionUrl; return sectorIdentifierUri;
} }
public void setJwkEncryptionUrl(String jwkEncryptionUrl) { public void setSectorIdentifierUri(String sectorIdentifierUri) {
this.jwkEncryptionUrl = jwkEncryptionUrl; this.sectorIdentifierUri = sectorIdentifierUri;
}
@Basic
@Column(name="x509_url")
public String getX509Url() {
return x509Url;
}
public void setX509Url(String x509Url) {
this.x509Url = x509Url;
}
@Basic
@Column(name="x509_encryption_url")
public String getX509EncryptionUrl() {
return x509EncryptionUrl;
}
public void setX509EncryptionUrl(String x509EncryptionUrl) {
this.x509EncryptionUrl = x509EncryptionUrl;
}
@Basic
@Column(name="sector_identifier_url")
public String getSectorIdentifierUrl() {
return sectorIdentifierUrl;
}
public void setSectorIdentifierUrl(String sectorIdentifierUrl) {
this.sectorIdentifierUrl = sectorIdentifierUrl;
} }
@Embedded @Embedded
@AttributeOverrides({ @AttributeOverrides({
@AttributeOverride(name = "algorithmName", column=@Column(name="requre_signed_request_object")) @AttributeOverride(name = "algorithmName", column=@Column(name="request_object_signing_alg"))
}) })
public JWSAlgorithmEntity getRequireSignedRequestObject() { public JWSAlgorithmEntity getRequestObjectSigningAlg() {
return requireSignedRequestObject; return requestObjectSigningAlg;
} }
public void setRequireSignedRequestObject(JWSAlgorithmEntity requireSignedRequestObject) { public void setRequestObjectSigningAlg(JWSAlgorithmEntity requestObjectSigningAlg) {
this.requireSignedRequestObject = requireSignedRequestObject; this.requestObjectSigningAlg = requestObjectSigningAlg;
} }
@Embedded @Embedded
@ -715,26 +694,14 @@ public class ClientDetailsEntity implements ClientDetails {
@AttributeOverrides({ @AttributeOverrides({
@AttributeOverride(name = "algorithmName", column=@Column(name="user_info_encrypted_response_enc")) @AttributeOverride(name = "algorithmName", column=@Column(name="user_info_encrypted_response_enc"))
}) })
public JWEAlgorithmEntity getUserInfoEncryptedResponseEnc() { public JWEEncryptionMethodEntity getUserInfoEncryptedResponseEnc() {
return userInfoEncryptedResponseEnc; return userInfoEncryptedResponseEnc;
} }
public void setUserInfoEncryptedResponseEnc(JWEAlgorithmEntity userInfoEncryptedResponseEnc) { public void setUserInfoEncryptedResponseEnc(JWEEncryptionMethodEntity userInfoEncryptedResponseEnc) {
this.userInfoEncryptedResponseEnc = userInfoEncryptedResponseEnc; this.userInfoEncryptedResponseEnc = userInfoEncryptedResponseEnc;
} }
@Embedded
@AttributeOverrides({
@AttributeOverride(name = "algorithmName", column=@Column(name="user_info_encrypted_response_int"))
})
public JWEAlgorithmEntity getUserInfoEncryptedResponseInt() {
return userInfoEncryptedResponseInt;
}
public void setUserInfoEncryptedResponseInt(JWEAlgorithmEntity userInfoEncryptedResponseInt) {
this.userInfoEncryptedResponseInt = userInfoEncryptedResponseInt;
}
@Embedded @Embedded
@AttributeOverrides({ @AttributeOverrides({
@AttributeOverride(name = "algorithmName", column=@Column(name="id_token_signed_response_alg")) @AttributeOverride(name = "algorithmName", column=@Column(name="id_token_signed_response_alg"))
@ -763,26 +730,14 @@ public class ClientDetailsEntity implements ClientDetails {
@AttributeOverrides({ @AttributeOverrides({
@AttributeOverride(name = "algorithmName", column=@Column(name="id_token_encrypted_response_enc")) @AttributeOverride(name = "algorithmName", column=@Column(name="id_token_encrypted_response_enc"))
}) })
public JWEAlgorithmEntity getIdTokenEncryptedReponseEnc() { public JWEEncryptionMethodEntity getIdTokenEncryptedReponseEnc() {
return idTokenEncryptedReponseEnc; return idTokenEncryptedReponseEnc;
} }
public void setIdTokenEncryptedReponseEnc(JWEAlgorithmEntity idTokenEncryptedReponseEnc) { public void setIdTokenEncryptedReponseEnc(JWEEncryptionMethodEntity idTokenEncryptedReponseEnc) {
this.idTokenEncryptedReponseEnc = idTokenEncryptedReponseEnc; this.idTokenEncryptedReponseEnc = idTokenEncryptedReponseEnc;
} }
@Embedded
@AttributeOverrides({
@AttributeOverride(name = "algorithmName", column=@Column(name="id_token_encrypted_response_int"))
})
public JWEAlgorithmEntity getIdTokenEncryptedResponseInt() {
return idTokenEncryptedResponseInt;
}
public void setIdTokenEncryptedResponseInt(JWEAlgorithmEntity idTokenEncryptedResponseInt) {
this.idTokenEncryptedResponseInt = idTokenEncryptedResponseInt;
}
@Basic @Basic
@Column(name="default_max_age") @Column(name="default_max_age")
public Integer getDefaultMaxAge() { public Integer getDefaultMaxAge() {
@ -803,459 +758,96 @@ public class ClientDetailsEntity implements ClientDetails {
this.requireAuthTime = requireAuthTime; this.requireAuthTime = requireAuthTime;
} }
/**
* @return the responseTypes
*/
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(
name="client_response_type",
joinColumns=@JoinColumn(name="response_type")
)
@Column(name="response_type")
public Set<String> getResponseTypes() {
return responseTypes;
}
/**
* @param responseTypes the responseTypes to set
*/
public void setResponseTypes(Set<String> responseTypes) {
this.responseTypes = responseTypes;
}
/**
* @return the defaultACRvalues
*/
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(
name="client_default_acr_value",
joinColumns=@JoinColumn(name="owner_id")
)
@Column(name="default_acr_value")
public Set<String> getDefaultACRvalues() {
return defaultACRvalues;
}
/**
* @param defaultACRvalues the defaultACRvalues to set
*/
public void setDefaultACRvalues(Set<String> defaultACRvalues) {
this.defaultACRvalues = defaultACRvalues;
}
/**
* @return the initiateLoginUri
*/
@Basic @Basic
@Column(name="default_acr") @Column(name="initiate_login_uri")
public String getDefaultACR() { public String getInitiateLoginUri() {
return defaultACR; return initiateLoginUri;
} }
public void setDefaultACR(String defaultACR) { /**
this.defaultACR = defaultACR; * @param initiateLoginUri the initiateLoginUri to set
}
/* (non-Javadoc)
* @see java.lang.Object#toString()
*/ */
@Override public void setInitiateLoginUri(String initiateLoginUri) {
public String toString() { this.initiateLoginUri = initiateLoginUri;
return "ClientDetailsEntity ["
+ (id != null ? "id=" + id + ", " : "")
+ (clientDescription != null ? "clientDescription="
+ clientDescription + ", " : "")
+ ", allowMultipleAccessTokens="
+ allowMultipleAccessTokens
+ ", reuseRefreshToken="
+ reuseRefreshToken
+ ", dynamicallyRegistered="
+ dynamicallyRegistered
+ ", "
+ (idTokenValiditySeconds != null ? "idTokenValiditySeconds="
+ idTokenValiditySeconds + ", " : "")
+ (clientId != null ? "clientId=" + clientId + ", " : "")
+ (clientSecret != null ? "clientSecret=" + clientSecret + ", "
: "")
+ (scope != null ? "scope=" + scope + ", " : "")
+ (authorizedGrantTypes != null ? "authorizedGrantTypes="
+ authorizedGrantTypes + ", " : "")
+ (authorities != null ? "authorities=" + authorities + ", "
: "")
+ (accessTokenValiditySeconds != null ? "accessTokenValiditySeconds="
+ accessTokenValiditySeconds + ", "
: "")
+ (refreshTokenValiditySeconds != null ? "refreshTokenValiditySeconds="
+ refreshTokenValiditySeconds + ", "
: "")
+ (registeredRedirectUri != null ? "registeredRedirectUri="
+ registeredRedirectUri + ", " : "")
+ (resourceIds != null ? "resourceIds=" + resourceIds + ", "
: "")
+ (additionalInformation != null ? "additionalInformation="
+ additionalInformation + ", " : "")
+ (applicationType != null ? "applicationType="
+ applicationType + ", " : "")
+ (clientName != null ? "clientName="
+ clientName + ", " : "")
+ (tokenEndpointAuthMethod != null ? "tokenEndpointAuthMethod="
+ tokenEndpointAuthMethod + ", " : "")
+ (subjectType != null ? "subjectType=" + subjectType + ", " : "")
+ (contacts != null ? "contacts=" + contacts + ", " : "")
+ (logoUrl != null ? "logoUrl=" + logoUrl + ", " : "")
+ (policyUrl != null ? "policyUrl=" + policyUrl + ", " : "")
+ (jwkUrl != null ? "jwkUrl=" + jwkUrl + ", " : "")
+ (jwkEncryptionUrl != null ? "jwkEncryptionUrl="
+ jwkEncryptionUrl + ", " : "")
+ (x509Url != null ? "x509Url=" + x509Url + ", " : "")
+ (x509EncryptionUrl != null ? "x509EncryptionUrl="
+ x509EncryptionUrl + ", " : "")
+ (sectorIdentifierUrl != null ? "sectorIdentifierUrl="
+ sectorIdentifierUrl + ", " : "")
+ (requireSignedRequestObject != null ? "requireSignedRequestObject="
+ requireSignedRequestObject + ", "
: "")
+ (userInfoSignedResponseAlg != null ? "userInfoSignedResponseAlg="
+ userInfoSignedResponseAlg + ", "
: "")
+ (userInfoEncryptedResponseAlg != null ? "userInfoEncryptedResponseAlg="
+ userInfoEncryptedResponseAlg + ", "
: "")
+ (userInfoEncryptedResponseEnc != null ? "userInfoEncryptedResponseEnc="
+ userInfoEncryptedResponseEnc + ", "
: "")
+ (userInfoEncryptedResponseInt != null ? "userInfoEncryptedResponseInt="
+ userInfoEncryptedResponseInt + ", "
: "")
+ (idTokenSignedResponseAlg != null ? "idTokenSignedResponseAlg="
+ idTokenSignedResponseAlg + ", "
: "")
+ (idTokenEncryptedResponseAlg != null ? "idTokenEncryptedResponseAlg="
+ idTokenEncryptedResponseAlg + ", "
: "")
+ (idTokenEncryptedReponseEnc != null ? "idTokenEncryptedReponseEnc="
+ idTokenEncryptedReponseEnc + ", "
: "")
+ (idTokenEncryptedResponseInt != null ? "idTokenEncryptedResponseInt="
+ idTokenEncryptedResponseInt + ", "
: "")
+ (defaultMaxAge != null ? "defaultMaxAge=" + defaultMaxAge
+ ", " : "") + "requireAuthTime=" + requireAuthTime
+ ", " + (defaultACR != null ? "defaultACR=" + defaultACR : "")
+ "]";
} }
/* (non-Javadoc) /**
* @see java.lang.Object#hashCode() * @return the postLogoutRedirectUri
*/ */
@Override @Basic
public int hashCode() { @Column(name="post_logout_redirect_uri")
final int prime = 31; public String getPostLogoutRedirectUri() {
int result = 1; return postLogoutRedirectUri;
result = prime
* result
+ ((accessTokenValiditySeconds == null) ? 0
: accessTokenValiditySeconds.hashCode());
result = prime
* result
+ ((additionalInformation == null) ? 0 : additionalInformation
.hashCode());
result = prime * result + (allowMultipleAccessTokens ? 1231 : 1237);
result = prime * result
+ ((clientName == null) ? 0 : clientName.hashCode());
result = prime * result
+ ((applicationType == null) ? 0 : applicationType.hashCode());
result = prime * result
+ ((authorities == null) ? 0 : authorities.hashCode());
result = prime
* result
+ ((authorizedGrantTypes == null) ? 0 : authorizedGrantTypes
.hashCode());
result = prime
* result
+ ((clientDescription == null) ? 0 : clientDescription
.hashCode());
result = prime * result
+ ((clientId == null) ? 0 : clientId.hashCode());
result = prime * result
+ ((clientSecret == null) ? 0 : clientSecret.hashCode());
result = prime * result
+ ((contacts == null) ? 0 : contacts.hashCode());
result = prime * result
+ ((defaultACR == null) ? 0 : defaultACR.hashCode());
result = prime * result
+ ((defaultMaxAge == null) ? 0 : defaultMaxAge.hashCode());
result = prime * result + (dynamicallyRegistered ? 1231 : 1237);
result = prime * result + ((id == null) ? 0 : id.hashCode());
result = prime
* result
+ ((idTokenEncryptedReponseEnc == null) ? 0
: idTokenEncryptedReponseEnc.hashCode());
result = prime
* result
+ ((idTokenEncryptedResponseAlg == null) ? 0
: idTokenEncryptedResponseAlg.hashCode());
result = prime
* result
+ ((idTokenEncryptedResponseInt == null) ? 0
: idTokenEncryptedResponseInt.hashCode());
result = prime
* result
+ ((idTokenSignedResponseAlg == null) ? 0
: idTokenSignedResponseAlg.hashCode());
result = prime
* result
+ ((idTokenValiditySeconds == null) ? 0
: idTokenValiditySeconds.hashCode());
result = prime
* result
+ ((jwkEncryptionUrl == null) ? 0 : jwkEncryptionUrl.hashCode());
result = prime * result + ((jwkUrl == null) ? 0 : jwkUrl.hashCode());
result = prime * result + ((logoUrl == null) ? 0 : logoUrl.hashCode());
result = prime * result
+ ((policyUrl == null) ? 0 : policyUrl.hashCode());
result = prime
* result
+ ((refreshTokenValiditySeconds == null) ? 0
: refreshTokenValiditySeconds.hashCode());
result = prime
* result
+ ((registeredRedirectUri == null) ? 0 : registeredRedirectUri
.hashCode());
result = prime * result + (requireAuthTime ? 1231 : 1237);
result = prime
* result
+ ((requireSignedRequestObject == null) ? 0
: requireSignedRequestObject.hashCode());
result = prime * result
+ ((resourceIds == null) ? 0 : resourceIds.hashCode());
result = prime * result + (reuseRefreshToken ? 1231 : 1237);
result = prime * result + ((scope == null) ? 0 : scope.hashCode());
result = prime
* result
+ ((sectorIdentifierUrl == null) ? 0 : sectorIdentifierUrl
.hashCode());
result = prime
* result
+ ((tokenEndpointAuthMethod == null) ? 0 : tokenEndpointAuthMethod
.hashCode());
result = prime * result
+ ((subjectType == null) ? 0 : subjectType.hashCode());
result = prime
* result
+ ((userInfoEncryptedResponseAlg == null) ? 0
: userInfoEncryptedResponseAlg.hashCode());
result = prime
* result
+ ((userInfoEncryptedResponseEnc == null) ? 0
: userInfoEncryptedResponseEnc.hashCode());
result = prime
* result
+ ((userInfoEncryptedResponseInt == null) ? 0
: userInfoEncryptedResponseInt.hashCode());
result = prime
* result
+ ((userInfoSignedResponseAlg == null) ? 0
: userInfoSignedResponseAlg.hashCode());
result = prime
* result
+ ((x509EncryptionUrl == null) ? 0 : x509EncryptionUrl
.hashCode());
result = prime * result + ((x509Url == null) ? 0 : x509Url.hashCode());
return result;
} }
/* (non-Javadoc) /**
* @see java.lang.Object#equals(java.lang.Object) * @param postLogoutRedirectUri the postLogoutRedirectUri to set
*/ */
@Override public void setPostLogoutRedirectUri(String postLogoutRedirectUri) {
public boolean equals(Object obj) { this.postLogoutRedirectUri = postLogoutRedirectUri;
if (this == obj) { }
return true;
} /**
if (obj == null) { * @return the requestUris
return false; */
} @ElementCollection(fetch = FetchType.EAGER)
if (!(obj instanceof ClientDetailsEntity)) { @CollectionTable(
return false; name="client_request_uri",
} joinColumns=@JoinColumn(name="owner_id")
ClientDetailsEntity other = (ClientDetailsEntity) obj; )
if (accessTokenValiditySeconds == null) { @Column(name="request_uri")
if (other.accessTokenValiditySeconds != null) { public Set<String> getRequestUris() {
return false; return requestUris;
} }
} else if (!accessTokenValiditySeconds
.equals(other.accessTokenValiditySeconds)) { /**
return false; * @param requestUris the requestUris to set
} */
if (additionalInformation == null) { public void setRequestUris(Set<String> requestUris) {
if (other.additionalInformation != null) { this.requestUris = requestUris;
return false;
}
} else if (!additionalInformation.equals(other.additionalInformation)) {
return false;
}
if (allowMultipleAccessTokens != other.allowMultipleAccessTokens) {
return false;
}
if (clientName == null) {
if (other.clientName != null) {
return false;
}
} else if (!clientName.equals(other.clientName)) {
return false;
}
if (applicationType != other.applicationType) {
return false;
}
if (authorities == null) {
if (other.authorities != null) {
return false;
}
} else if (!authorities.equals(other.authorities)) {
return false;
}
if (authorizedGrantTypes == null) {
if (other.authorizedGrantTypes != null) {
return false;
}
} else if (!authorizedGrantTypes.equals(other.authorizedGrantTypes)) {
return false;
}
if (clientDescription == null) {
if (other.clientDescription != null) {
return false;
}
} else if (!clientDescription.equals(other.clientDescription)) {
return false;
}
if (clientId == null) {
if (other.clientId != null) {
return false;
}
} else if (!clientId.equals(other.clientId)) {
return false;
}
if (clientSecret == null) {
if (other.clientSecret != null) {
return false;
}
} else if (!clientSecret.equals(other.clientSecret)) {
return false;
}
if (contacts == null) {
if (other.contacts != null) {
return false;
}
} else if (!contacts.equals(other.contacts)) {
return false;
}
if (defaultACR == null) {
if (other.defaultACR != null) {
return false;
}
} else if (!defaultACR.equals(other.defaultACR)) {
return false;
}
if (defaultMaxAge == null) {
if (other.defaultMaxAge != null) {
return false;
}
} else if (!defaultMaxAge.equals(other.defaultMaxAge)) {
return false;
}
if (dynamicallyRegistered != other.dynamicallyRegistered) {
return false;
}
if (id == null) {
if (other.id != null) {
return false;
}
} else if (!id.equals(other.id)) {
return false;
}
if (idTokenEncryptedReponseEnc != other.idTokenEncryptedReponseEnc) {
return false;
}
if (idTokenEncryptedResponseAlg != other.idTokenEncryptedResponseAlg) {
return false;
}
if (idTokenEncryptedResponseInt != other.idTokenEncryptedResponseInt) {
return false;
}
if (idTokenSignedResponseAlg != other.idTokenSignedResponseAlg) {
return false;
}
if (idTokenValiditySeconds == null) {
if (other.idTokenValiditySeconds != null) {
return false;
}
} else if (!idTokenValiditySeconds.equals(other.idTokenValiditySeconds)) {
return false;
}
if (jwkEncryptionUrl == null) {
if (other.jwkEncryptionUrl != null) {
return false;
}
} else if (!jwkEncryptionUrl.equals(other.jwkEncryptionUrl)) {
return false;
}
if (jwkUrl == null) {
if (other.jwkUrl != null) {
return false;
}
} else if (!jwkUrl.equals(other.jwkUrl)) {
return false;
}
if (logoUrl == null) {
if (other.logoUrl != null) {
return false;
}
} else if (!logoUrl.equals(other.logoUrl)) {
return false;
}
if (policyUrl == null) {
if (other.policyUrl != null) {
return false;
}
} else if (!policyUrl.equals(other.policyUrl)) {
return false;
}
if (refreshTokenValiditySeconds == null) {
if (other.refreshTokenValiditySeconds != null) {
return false;
}
} else if (!refreshTokenValiditySeconds
.equals(other.refreshTokenValiditySeconds)) {
return false;
}
if (registeredRedirectUri == null) {
if (other.registeredRedirectUri != null) {
return false;
}
} else if (!registeredRedirectUri.equals(other.registeredRedirectUri)) {
return false;
}
if (requireAuthTime != other.requireAuthTime) {
return false;
}
if (requireSignedRequestObject != other.requireSignedRequestObject) {
return false;
}
if (resourceIds == null) {
if (other.resourceIds != null) {
return false;
}
} else if (!resourceIds.equals(other.resourceIds)) {
return false;
}
if (reuseRefreshToken != other.reuseRefreshToken) {
return false;
}
if (scope == null) {
if (other.scope != null) {
return false;
}
} else if (!scope.equals(other.scope)) {
return false;
}
if (sectorIdentifierUrl == null) {
if (other.sectorIdentifierUrl != null) {
return false;
}
} else if (!sectorIdentifierUrl.equals(other.sectorIdentifierUrl)) {
return false;
}
if (tokenEndpointAuthMethod != other.tokenEndpointAuthMethod) {
return false;
}
if (subjectType != other.subjectType) {
return false;
}
if (userInfoEncryptedResponseAlg != other.userInfoEncryptedResponseAlg) {
return false;
}
if (userInfoEncryptedResponseEnc != other.userInfoEncryptedResponseEnc) {
return false;
}
if (userInfoEncryptedResponseInt != other.userInfoEncryptedResponseInt) {
return false;
}
if (userInfoSignedResponseAlg != other.userInfoSignedResponseAlg) {
return false;
}
if (x509EncryptionUrl == null) {
if (other.x509EncryptionUrl != null) {
return false;
}
} else if (!x509EncryptionUrl.equals(other.x509EncryptionUrl)) {
return false;
}
if (x509Url == null) {
if (other.x509Url != null) {
return false;
}
} else if (!x509Url.equals(other.x509Url)) {
return false;
}
return true;
} }
} }

39
openid-connect-server/src/main/resources/db/tables/hsql_database_tables.sql
View File

@ -1,5 +1,5 @@
-- --
-- Tables for OIDC Server functionality. -- Tables for OIDC Server functionality, HSQL
-- --
CREATE TABLE IF NOT EXISTS access_token ( CREATE TABLE IF NOT EXISTS access_token (
@ -44,7 +44,7 @@ CREATE TABLE IF NOT EXISTS authentication_holder (
authentication LONGVARBINARY authentication LONGVARBINARY
); );
CREATE TABLE IF NOT EXISTS authority ( CREATE TABLE IF NOT EXISTS client_authority (
owner_id BIGINT, owner_id BIGINT,
authority LONGVARBINARY authority LONGVARBINARY
); );
@ -55,9 +55,14 @@ CREATE TABLE IF NOT EXISTS authorization_code (
authorization_request_holder LONGVARBINARY authorization_request_holder LONGVARBINARY
); );
CREATE TABLE IF NOT EXISTS authorized_grant_type ( CREATE TABLE IF NOT EXISTS client_grant_type (
owner_id BIGINT, owner_id BIGINT,
authorized_grant_type VARCHAR(2000) grant_type VARCHAR(2000)
);
CREATE TABLE IF NOT EXISTS client_response_type (
owner_id BIGINT,
response_type VARCHAR(2000)
); );
CREATE TABLE IF NOT EXISTS blacklisted_site ( CREATE TABLE IF NOT EXISTS blacklisted_site (
@ -69,7 +74,6 @@ CREATE TABLE IF NOT EXISTS client_details (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
client_description VARCHAR(1024), client_description VARCHAR(1024),
allow_multiple_access_tokens BOOLEAN NOT NULL DEFAULT true,
reuse_refresh_tokens BOOLEAN NOT NULL DEFAULT true, reuse_refresh_tokens BOOLEAN NOT NULL DEFAULT true,
dynamically_registered BOOLEAN NOT NULL DEFAULT false, dynamically_registered BOOLEAN NOT NULL DEFAULT false,
allow_introspection BOOLEAN NOT NULL DEFAULT false, allow_introspection BOOLEAN NOT NULL DEFAULT false,
@ -85,28 +89,23 @@ CREATE TABLE IF NOT EXISTS client_details (
token_endpoint_auth_method VARCHAR(256), token_endpoint_auth_method VARCHAR(256),
subject_type VARCHAR(256), subject_type VARCHAR(256),
logo_url VARCHAR(2048), logo_uri VARCHAR(2048),
policy_url VARCHAR(2048), policy_uri VARCHAR(2048),
client_url VARCHAR(2048), client_uri VARCHAR(2048),
tos_url VARCHAR(2048), tos_uri VARCHAR(2048),
jwk_url VARCHAR(2048), jwks_uri VARCHAR(2048),
jwk_encryption_url VARCHAR(2048), sector_identifier_uri VARCHAR(2048),
x509_url VARCHAR(2048),
x509_encryption_url VARCHAR(2048),
sector_identifier_url VARCHAR(2048),
requre_signed_request_object VARCHAR(256), request_object_signing_alg VARCHAR(256),
user_info_signed_response_alg VARCHAR(256), user_info_signed_response_alg VARCHAR(256),
user_info_encrypted_response_alg VARCHAR(256), user_info_encrypted_response_alg VARCHAR(256),
user_info_encrypted_response_enc VARCHAR(256), user_info_encrypted_response_enc VARCHAR(256),
user_info_encrypted_response_int VARCHAR(256),
id_token_signed_response_alg VARCHAR(256), id_token_signed_response_alg VARCHAR(256),
id_token_encrypted_response_alg VARCHAR(256), id_token_encrypted_response_alg VARCHAR(256),
id_token_encrypted_response_enc VARCHAR(256), id_token_encrypted_response_enc VARCHAR(256),
id_token_encrypted_response_int VARCHAR(256),
default_max_age BIGINT, default_max_age BIGINT,
require_auth_time BOOLEAN NOT NULL DEFAULT FALSE, require_auth_time BOOLEAN NOT NULL DEFAULT FALSE,
@ -121,7 +120,7 @@ CREATE TABLE IF NOT EXISTS client_nonce (
expire_date DATE expire_date DATE
); );
CREATE TABLE IF NOT EXISTS contact ( CREATE TABLE IF NOT EXISTS client_contact (
owner_id BIGINT, owner_id BIGINT,
contact VARCHAR(256) contact VARCHAR(256)
); );
@ -132,7 +131,7 @@ CREATE TABLE IF NOT EXISTS event (
timestamp DATE timestamp DATE
); );
CREATE TABLE IF NOT EXISTS redirect_uri ( CREATE TABLE IF NOT EXISTS client_redirect_uri (
owner_id BIGINT, owner_id BIGINT,
redirect_uri VARCHAR(2048) redirect_uri VARCHAR(2048)
); );
@ -145,7 +144,7 @@ CREATE TABLE IF NOT EXISTS refresh_token (
client_id VARCHAR(256) client_id VARCHAR(256)
); );
CREATE TABLE IF NOT EXISTS resource_id ( CREATE TABLE IF NOT EXISTS client_resource (
owner_id BIGINT, owner_id BIGINT,
resource_id VARCHAR(256) resource_id VARCHAR(256)
); );

79
openid-connect-server/src/main/resources/db/tables/mysql_database_tables.sql
View File

@ -1,4 +1,8 @@
CREATE TABLE access_token ( --
-- Tables for OIDC Server functionality, MySQL
--
CREATE TABLE IF NOT EXISTS access_token (
id BIGINT AUTO_INCREMENT PRIMARY KEY, id BIGINT AUTO_INCREMENT PRIMARY KEY,
token_value VARCHAR(4096), token_value VARCHAR(4096),
expiration TIMESTAMP NULL, expiration TIMESTAMP NULL,
@ -9,7 +13,7 @@ CREATE TABLE access_token (
id_token_id BIGINT id_token_id BIGINT
); );
CREATE TABLE address ( CREATE TABLE IF NOT EXISTS address (
id BIGINT AUTO_INCREMENT PRIMARY KEY, id BIGINT AUTO_INCREMENT PRIMARY KEY,
formatted VARCHAR(256), formatted VARCHAR(256),
street_address VARCHAR(256), street_address VARCHAR(256),
@ -19,7 +23,7 @@ CREATE TABLE address (
country VARCHAR(256) country VARCHAR(256)
); );
CREATE TABLE approved_site ( CREATE TABLE IF NOT EXISTS approved_site (
id BIGINT AUTO_INCREMENT PRIMARY KEY, id BIGINT AUTO_INCREMENT PRIMARY KEY,
user_id VARCHAR(4096), user_id VARCHAR(4096),
client_id VARCHAR(4096), client_id VARCHAR(4096),
@ -29,42 +33,47 @@ CREATE TABLE approved_site (
whitelisted_site_id VARCHAR(256) whitelisted_site_id VARCHAR(256)
); );
CREATE TABLE approved_site_scope ( CREATE TABLE IF NOT EXISTS approved_site_scope (
owner_id BIGINT, owner_id BIGINT,
scope VARCHAR(256) scope VARCHAR(256)
); );
CREATE TABLE authentication_holder ( CREATE TABLE IF NOT EXISTS authentication_holder (
id BIGINT AUTO_INCREMENT PRIMARY KEY, id BIGINT AUTO_INCREMENT PRIMARY KEY,
owner_id BIGINT, owner_id BIGINT,
authentication LONGBLOB authentication LONGBLOB
); );
CREATE TABLE authority ( CREATE TABLE IF NOT EXISTS client_authority (
owner_id BIGINT, owner_id BIGINT,
authority LONGBLOB authority LONGBLOB
); );
CREATE TABLE authorization_code ( CREATE TABLE IF NOT EXISTS authorization_code (
id BIGINT AUTO_INCREMENT PRIMARY KEY, id BIGINT AUTO_INCREMENT PRIMARY KEY,
code VARCHAR(256), code VARCHAR(256),
authorization_request_holder LONGBLOB authorization_request_holder LONGBLOB
); );
CREATE TABLE authorized_grant_type ( CREATE TABLE IF NOT EXISTS client_grant_type (
owner_id BIGINT, owner_id BIGINT,
authorized_grant_type VARCHAR(2000) grant_type VARCHAR(2000)
); );
CREATE TABLE blacklisted_site ( CREATE TABLE IF NOT EXISTS client_response_type (
owner_id BIGINT,
response_type VARCHAR(2000)
);
CREATE TABLE IF NOT EXISTS blacklisted_site (
id BIGINT AUTO_INCREMENT PRIMARY KEY, id BIGINT AUTO_INCREMENT PRIMARY KEY,
uri VARCHAR(2048) uri VARCHAR(2048)
); );
CREATE TABLE client_details ( CREATE TABLE IF NOT EXISTS client_details (
id BIGINT AUTO_INCREMENT PRIMARY KEY, id BIGINT AUTO_INCREMENT PRIMARY KEY,
client_description VARCHAR(256),
allow_multiple_access_tokens BOOLEAN NOT NULL DEFAULT 0, client_description VARCHAR(1024),
reuse_refresh_tokens BOOLEAN NOT NULL DEFAULT 1, reuse_refresh_tokens BOOLEAN NOT NULL DEFAULT 1,
dynamically_registered BOOLEAN NOT NULL DEFAULT 0, dynamically_registered BOOLEAN NOT NULL DEFAULT 0,
allow_introspection BOOLEAN NOT NULL DEFAULT 0, allow_introspection BOOLEAN NOT NULL DEFAULT 0,
@ -80,35 +89,30 @@ CREATE TABLE client_details (
token_endpoint_auth_method VARCHAR(256), token_endpoint_auth_method VARCHAR(256),
subject_type VARCHAR(256), subject_type VARCHAR(256),
logo_url VARCHAR(2048), logo_uri VARCHAR(2048),
policy_url VARCHAR(2048), policy_uri VARCHAR(2048),
client_url VARCHAR(2048), client_uri VARCHAR(2048),
tos_url VARCHAR(2048), tos_uri VARCHAR(2048),
jwk_url VARCHAR(2048), jwks_uri VARCHAR(2048),
jwk_encryption_url VARCHAR(2048), sector_identifier_uri VARCHAR(2048),
x509_url VARCHAR(2048),
x509_encryption_url VARCHAR(2048),
sector_identifier_url VARCHAR(2048),
requre_signed_request_object VARCHAR(256), request_object_signing_alg VARCHAR(256),
user_info_signed_response_alg VARCHAR(256), user_info_signed_response_alg VARCHAR(256),
user_info_encrypted_response_alg VARCHAR(256), user_info_encrypted_response_alg VARCHAR(256),
user_info_encrypted_response_enc VARCHAR(256), user_info_encrypted_response_enc VARCHAR(256),
user_info_encrypted_response_int VARCHAR(256),
id_token_signed_response_alg VARCHAR(256), id_token_signed_response_alg VARCHAR(256),
id_token_encrypted_response_alg VARCHAR(256), id_token_encrypted_response_alg VARCHAR(256),
id_token_encrypted_response_enc VARCHAR(256), id_token_encrypted_response_enc VARCHAR(256),
id_token_encrypted_response_int VARCHAR(256),
default_max_age BIGINT, default_max_age BIGINT,
require_auth_time BOOLEAN NOT NULL DEFAULT 0, require_auth_time BOOLEAN NOT NULL DEFAULT 0,
default_acr VARCHAR(256) default_acr VARCHAR(256)
); );
CREATE TABLE client_nonce ( CREATE TABLE IF NOT EXISTS client_nonce (
id BIGINT AUTO_INCREMENT PRIMARY KEY, id BIGINT AUTO_INCREMENT PRIMARY KEY,
value VARCHAR(256), value VARCHAR(256),
client_id VARCHAR(256), client_id VARCHAR(256),
@ -116,23 +120,23 @@ CREATE TABLE client_nonce (
expire_date DATE expire_date DATE
); );
CREATE TABLE contact ( CREATE TABLE IF NOT EXISTS client_contact (
owner_id BIGINT, owner_id BIGINT,
contact VARCHAR(256) contact VARCHAR(256)
); );
CREATE TABLE event ( CREATE TABLE IF NOT EXISTS event (
id BIGINT AUTO_INCREMENT PRIMARY KEY, id BIGINT AUTO_INCREMENT PRIMARY KEY,
type INT(3), type INT(3),
timestamp DATE timestamp DATE
); );
CREATE TABLE redirect_uri ( CREATE TABLE IF NOT EXISTS client_redirect_uri (
owner_id BIGINT, owner_id BIGINT,
redirect_uri VARCHAR(2048) redirect_uri VARCHAR(2048)
); );
CREATE TABLE refresh_token ( CREATE TABLE IF NOT EXISTS refresh_token (
id BIGINT AUTO_INCREMENT PRIMARY KEY, id BIGINT AUTO_INCREMENT PRIMARY KEY,
token_value VARCHAR(4096), token_value VARCHAR(4096),
expiration TIMESTAMP NULL, expiration TIMESTAMP NULL,
@ -140,22 +144,22 @@ CREATE TABLE refresh_token (
client_id VARCHAR(256) client_id VARCHAR(256)
); );
CREATE TABLE resource_id ( CREATE TABLE IF NOT EXISTS client_resource (
owner_id BIGINT, owner_id BIGINT,
resource_id VARCHAR(256) resource_id VARCHAR(256)
); );
CREATE TABLE client_scope ( CREATE TABLE IF NOT EXISTS client_scope (
owner_id BIGINT, owner_id BIGINT,
scope VARCHAR(2048) scope VARCHAR(2048)
); );
CREATE TABLE token_scope ( CREATE TABLE IF NOT EXISTS token_scope (
owner_id BIGINT, owner_id BIGINT,
scope VARCHAR(2048) scope VARCHAR(2048)
); );
CREATE TABLE system_scope ( CREATE TABLE IF NOT EXISTS system_scope (
id BIGINT AUTO_INCREMENT PRIMARY KEY, id BIGINT AUTO_INCREMENT PRIMARY KEY,
scope VARCHAR(256) NOT NULL, scope VARCHAR(256) NOT NULL,
description VARCHAR(4096), description VARCHAR(4096),
@ -163,10 +167,9 @@ CREATE TABLE system_scope (
allow_dyn_reg BOOLEAN NOT NULL DEFAULT 0, allow_dyn_reg BOOLEAN NOT NULL DEFAULT 0,
default_scope BOOLEAN NOT NULL DEFAULT 0, default_scope BOOLEAN NOT NULL DEFAULT 0,
unique(scope) unique(scope)
); );
CREATE TABLE user_info ( CREATE TABLE IF NOT EXISTS user_info (
id BIGINT AUTO_INCREMENT PRIMARY KEY, id BIGINT AUTO_INCREMENT PRIMARY KEY,
sub VARCHAR(256), sub VARCHAR(256),
preferred_username VARCHAR(256), preferred_username VARCHAR(256),
@ -189,13 +192,13 @@ CREATE TABLE user_info (
birthdate VARCHAR(256) birthdate VARCHAR(256)
); );
CREATE TABLE whitelisted_site ( CREATE TABLE IF NOT EXISTS whitelisted_site (
id BIGINT AUTO_INCREMENT PRIMARY KEY, id BIGINT AUTO_INCREMENT PRIMARY KEY,
creator_user_id VARCHAR(256), creator_user_id VARCHAR(256),
client_id VARCHAR(256) client_id VARCHAR(256)
); );
CREATE TABLE whitelisted_site_scope ( CREATE TABLE IF NOT EXISTS whitelisted_site_scope (
owner_id BIGINT, owner_id BIGINT,
scope VARCHAR(256) scope VARCHAR(256)
); );