diff --git a/openid-connect-server-webapp/pom.xml b/openid-connect-server-webapp/pom.xml
index 4f35ad1c5..87b645b77 100644
--- a/openid-connect-server-webapp/pom.xml
+++ b/openid-connect-server-webapp/pom.xml
@@ -133,6 +133,13 @@
com.zaxxer
HikariCP
+
+
+
Deployable package of the OpenID Connect server
diff --git a/openid-connect-server-webapp/src/main/resources/db/clients_oracle.sql b/openid-connect-server-webapp/src/main/resources/db/clients_oracle.sql
new file mode 100644
index 000000000..488d92845
--- /dev/null
+++ b/openid-connect-server-webapp/src/main/resources/db/clients_oracle.sql
@@ -0,0 +1,51 @@
+--
+-- Insert client information into the temporary tables. To add clients to the Oracle database, edit things here.
+--
+
+INSERT INTO client_details_TEMP (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES
+ ('client', 'secret', 'Test Client', 0, null, 3600, 600, 1);
+
+INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'openid');
+INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'profile');
+INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'email');
+INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'address');
+INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'phone');
+INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'offline_access');
+
+INSERT INTO client_redirect_uri_TEMP (owner_id, redirect_uri) VALUES ('client', 'http://localhost/');
+INSERT INTO client_redirect_uri_TEMP (owner_id, redirect_uri) VALUES ('client', 'http://localhost:8080/');
+
+INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES ('client', 'authorization_code');
+INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES ('client', 'urn:ietf:params:oauth:grant_type:redelegate');
+INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES ('client', 'implicit');
+INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES ('client', 'refresh_token');
+
+--
+-- Merge the temporary clients safely into the database. This is a two-step process to keep clients from being created on every startup with a persistent store.
+--
+
+MERGE INTO client_details
+ USING (SELECT client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection FROM client_details_TEMP) vals
+ ON (vals.client_id = client_details.client_id)
+ WHEN NOT MATCHED THEN
+ INSERT (id, client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds,
+ id_token_validity_seconds, allow_introspection) VALUES(client_details_seq.nextval, vals.client_id, vals.client_secret, vals.client_name, vals.dynamically_registered,
+ vals.refresh_token_validity_seconds, vals.access_token_validity_seconds, vals.id_token_validity_seconds, vals.allow_introspection);
+
+MERGE INTO client_scope
+ USING (SELECT id, scope FROM client_scope_TEMP, client_details WHERE client_details.client_id = client_scope_TEMP.owner_id) vals
+ ON (vals.id = client_scope.owner_id AND vals.scope = client_scope.scope)
+ WHEN NOT MATCHED THEN
+ INSERT (owner_id, scope) values (vals.id, vals.scope);
+
+MERGE INTO client_redirect_uri
+ USING (SELECT id, redirect_uri FROM client_redirect_uri_TEMP, client_details WHERE client_details.client_id = client_redirect_uri_TEMP.owner_id) vals
+ ON (vals.id = client_redirect_uri.owner_id AND vals.redirect_uri = client_redirect_uri.redirect_uri)
+ WHEN NOT MATCHED THEN
+ INSERT (owner_id, redirect_uri) values (vals.id, vals.redirect_uri);
+
+MERGE INTO client_grant_type
+ USING (SELECT id, grant_type FROM client_grant_type_TEMP, client_details WHERE client_details.client_id = client_grant_type_TEMP.owner_id) vals
+ ON (vals.id = client_grant_type.owner_id AND vals.grant_type = client_grant_type.grant_type)
+ WHEN NOT MATCHED THEN
+ INSERT (owner_id, grant_type) values (vals.id, vals.grant_type);
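Review bot: The bootstrap client at line 23 is inserted with the literal secret `'secret'`, `allow_introspection` set to 1 and two plain-`http` localhost redirect URIs, and nothing in the header says this is demo data; because the `client_details` MERGE at line 44 only acts on WHEN NOT MATCHED, that client survives every restart of a persistent store once it has been seeded. Suggest extending the header comment: `-- The 'client'/'secret' entry below is a demo client for local testing; remove it or replace its secret and redirect URIs before seeding a shared database.` Separately, the `USING` subqueries at lines 53, 59 and 65 use implicit comma joins; `FROM client_scope_TEMP INNER JOIN client_details ON client_details.client_id = client_scope_TEMP.owner_id` expresses the same query with the join condition made explicit.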
diff --git a/openid-connect-server-webapp/src/main/resources/db/scopes_oracle.sql b/openid-connect-server-webapp/src/main/resources/db/scopes_oracle.sql
new file mode 100644
index 000000000..98e98bfcb
--- /dev/null
+++ b/openid-connect-server-webapp/src/main/resources/db/scopes_oracle.sql
@@ -0,0 +1,27 @@
+--
+-- Insert scope information into the temporary tables.
+--
+
+INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES
+ ('openid', 'log in using your identity', 'user', 0, 1, 0, null);
+INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES
+ ('profile', 'basic profile information', 'list-alt', 0, 1, 0, null);
+INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES
+ ('email', 'email address', 'envelope', 0, 1, 0, null);
+INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES
+ ('address', 'physical address', 'home', 0, 1, 0, null);
+INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES
+ ('phone', 'telephone number', 'bell', 0, 1, 0, null);
+INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES
+ ('offline_access', 'offline access', 'time', 0, 0, 0, null);
+
+--
+-- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store.
+--
+
+MERGE INTO system_scope
+ USING (SELECT scope, description, icon, restricted, default_scope, structured, structured_param_description FROM system_scope_TEMP) vals
+ ON (vals.scope = system_scope.scope)
+ WHEN NOT MATCHED THEN
+ INSERT (id, scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES(system_scope_seq.nextval, vals.scope,
+ vals.description, vals.icon, vals.restricted, vals.default_scope, vals.structured, vals.structured_param_description);
\ No newline at end of file
diff --git a/openid-connect-server-webapp/src/main/resources/db/tables/loading_temp_tables_oracle.sql b/openid-connect-server-webapp/src/main/resources/db/tables/loading_temp_tables_oracle.sql
new file mode 100644
index 000000000..f91f3e633
--- /dev/null
+++ b/openid-connect-server-webapp/src/main/resources/db/tables/loading_temp_tables_oracle.sql
@@ -0,0 +1,77 @@
+--
+-- Temporary tables used during the bootstrapping process to safely load users and clients.
+-- These are not needed if you're not using the users.sql/clients.sql files to bootstrap the database.
+--
+
+CREATE GLOBAL TEMPORARY TABLE authorities_TEMP (
+ username varchar2(50) not null,
+ authority varchar2(50) not null,
+ constraint ix_authority_TEMP unique (username,authority)
+) ON COMMIT PRESERVE ROWS;
+
+CREATE GLOBAL TEMPORARY TABLE users_TEMP (
+ username VARCHAR2(50) not null primary key,
+ password VARCHAR2(50) not null,
+ enabled NUMBER(1) not null
+) ON COMMIT PRESERVE ROWS;
+
+CREATE GLOBAL TEMPORARY TABLE user_info_TEMP (
+ sub VARCHAR2(256) not null primary key,
+ preferred_username VARCHAR2(256),
+ name VARCHAR2(256),
+ given_name VARCHAR2(256),
+ family_name VARCHAR2(256),
+ middle_name VARCHAR2(256),
+ nickname VARCHAR2(256),
+ profile VARCHAR2(256),
+ picture VARCHAR2(256),
+ website VARCHAR2(256),
+ email VARCHAR2(256),
+ email_verified NUMBER(1),
+ gender VARCHAR2(256),
+ zone_info VARCHAR2(256),
+ locale VARCHAR2(256),
+ phone_number VARCHAR2(256),
+ address_id VARCHAR2(256),
+ updated_time VARCHAR2(256),
+ birthdate VARCHAR2(256)
+) ON COMMIT PRESERVE ROWS;
+
+CREATE GLOBAL TEMPORARY TABLE client_details_TEMP (
+ client_description VARCHAR2(256),
+ dynamically_registered NUMBER(1),
+ id_token_validity_seconds NUMBER(19),
+
+ client_id VARCHAR2(256),
+ client_secret VARCHAR2(2048),
+ access_token_validity_seconds NUMBER(19),
+ refresh_token_validity_seconds NUMBER(19),
+ allow_introspection NUMBER(1),
+
+ client_name VARCHAR2(256)
+) ON COMMIT PRESERVE ROWS;
+
+CREATE GLOBAL TEMPORARY TABLE client_scope_TEMP (
+ owner_id VARCHAR2(256),
+ scope VARCHAR2(2048)
+) ON COMMIT PRESERVE ROWS;
+
+CREATE GLOBAL TEMPORARY TABLE client_redirect_uri_TEMP (
+ owner_id VARCHAR2(256),
+ redirect_uri VARCHAR2(2048)
+) ON COMMIT PRESERVE ROWS;
+
+CREATE GLOBAL TEMPORARY TABLE client_grant_type_TEMP (
+ owner_id VARCHAR2(256),
+ grant_type VARCHAR2(2000)
+) ON COMMIT PRESERVE ROWS;
+
+CREATE GLOBAL TEMPORARY TABLE system_scope_TEMP (
+ scope VARCHAR2(256),
+ description VARCHAR2(4000),
+ icon VARCHAR2(256),
+ restricted NUMBER(1),
+ default_scope NUMBER(1),
+ structured NUMBER(1),
+ structured_param_description VARCHAR2(256)
+) ON COMMIT PRESERVE ROWS;
\ No newline at end of file
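Review bot: The header at line 111 refers to `users.sql/clients.sql`, but the Oracle bootstrap files added in this commit are `users_oracle.sql` and `clients_oracle.sql`; suggest `-- These are not needed if you're not using the users_oracle.sql/clients_oracle.sql files to bootstrap the database.` `users_TEMP.enabled` is `NUMBER(1)` at line 123 while the persistent `users.enabled` in security-schema_oracle.sql is `number(19)`, and `users_TEMP.password` is `VARCHAR2(50)`, which cannot hold a bcrypt hash (60 characters) — both are worth aligning with whatever the persistent `users` table ends up using. Since all of these tables are `ON COMMIT PRESERVE ROWS`, their rows stay for the life of the session; if the bootstrap scripts were ever run twice on the same pooled connection, the primary key on `users_TEMP.username` (line 121) would reject the second insert, so a comment stating that the scripts assume a single run per session would help the next maintainer.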
diff --git a/openid-connect-server-webapp/src/main/resources/db/tables/oracle_database_tables.sql b/openid-connect-server-webapp/src/main/resources/db/tables/oracle_database_tables.sql
new file mode 100644
index 000000000..106369ed4
--- /dev/null
+++ b/openid-connect-server-webapp/src/main/resources/db/tables/oracle_database_tables.sql
@@ -0,0 +1,387 @@
+--
+-- Tables for OIDC Server functionality, Oracle
+--
+
+CREATE TABLE access_token (
+ id NUMBER(19) NOT NULL PRIMARY KEY,
+ token_value VARCHAR2(4000),
+ expiration TIMESTAMP,
+ token_type VARCHAR2(256),
+ refresh_token_id NUMBER(19),
+ client_id NUMBER(19),
+ auth_holder_id NUMBER(19),
+ id_token_id NUMBER(19),
+ approved_site_id NUMBER(19)
+);
+CREATE SEQUENCE access_token_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+
+CREATE TABLE access_token_permissions (
+ access_token_id NUMBER(19) NOT NULL,
+ permission_id NUMBER(19) NOT NULL
+);
+
+CREATE TABLE address (
+ id NUMBER(19) NOT NULL PRIMARY KEY,
+ formatted VARCHAR2(256),
+ street_address VARCHAR2(256),
+ locality VARCHAR2(256),
+ region VARCHAR2(256),
+ postal_code VARCHAR2(256),
+ country VARCHAR2(256)
+);
+CREATE SEQUENCE address_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+
+CREATE TABLE approved_site (
+ id NUMBER(19) NOT NULL PRIMARY KEY,
+ user_id VARCHAR2(256),
+ client_id VARCHAR2(256),
+ creation_date TIMESTAMP,
+ access_date TIMESTAMP,
+ timeout_date TIMESTAMP,
+ whitelisted_site_id NUMBER(19)
+);
+CREATE SEQUENCE approved_site_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+
+CREATE TABLE approved_site_scope (
+ owner_id NUMBER(19),
+ scope VARCHAR2(256)
+);
+
+CREATE TABLE authentication_holder (
+ id NUMBER(19) NOT NULL PRIMARY KEY,
+ user_auth_id NUMBER(19),
+ approved NUMBER(1),
+ redirect_uri VARCHAR2(2048),
+ client_id VARCHAR2(256)
+);
+CREATE SEQUENCE authentication_holder_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+
+CREATE TABLE auth_holder_authority (
+ owner_id NUMBER(19),
+ authority VARCHAR2(256)
+);
+
+CREATE TABLE auth_holder_resource_id (
+ owner_id NUMBER(19),
+ resource_id VARCHAR2(2048)
+);
+
+CREATE TABLE auth_holder_response_type (
+ owner_id NUMBER(19),
+ response_type VARCHAR2(2048)
+);
+
+CREATE TABLE auth_holder_extension (
+ owner_id NUMBER(19),
+ extension VARCHAR2(2048),
+ val VARCHAR2(2048)
+);
+
+CREATE TABLE authentication_holder_scope (
+ owner_id NUMBER(19),
+ scope VARCHAR2(2048)
+);
+
+CREATE TABLE auth_holder_request_parameter (
+ owner_id NUMBER(19),
+ param VARCHAR2(2048),
+ val VARCHAR2(2048)
+);
+
+CREATE TABLE saved_user_auth (
+ id NUMBER(19) NOT NULL PRIMARY KEY,
+ name VARCHAR2(1024),
+ authenticated NUMBER(1),
+ source_class VARCHAR2(2048)
+);
+CREATE SEQUENCE saved_user_auth_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+
+CREATE TABLE saved_user_auth_authority (
+ owner_id NUMBER(19),
+ authority VARCHAR2(256)
+);
+
+CREATE TABLE client_authority (
+ owner_id NUMBER(19),
+ authority VARCHAR2(256)
+);
+
+CREATE TABLE authorization_code (
+ id NUMBER(19) NOT NULL PRIMARY KEY,
+ code VARCHAR2(256),
+ auth_holder_id NUMBER(19),
+ expiration TIMESTAMP
+);
+CREATE SEQUENCE authorization_code_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+
+CREATE TABLE client_grant_type (
+ owner_id NUMBER(19),
+ grant_type VARCHAR2(2000)
+);
+
+CREATE TABLE client_response_type (
+ owner_id NUMBER(19),
+ response_type VARCHAR2(2000)
+);
+
+CREATE TABLE blacklisted_site (
+ id NUMBER(19) NOT NULL PRIMARY KEY,
+ uri VARCHAR2(2048)
+);
+CREATE SEQUENCE blacklisted_site_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+
+CREATE TABLE client_details (
+ id NUMBER(19) NOT NULL PRIMARY KEY,
+
+ client_description VARCHAR2(1024),
+ reuse_refresh_tokens NUMBER(1) DEFAULT 1 NOT NULL,
+ dynamically_registered NUMBER(1) DEFAULT 0 NOT NULL,
+ allow_introspection NUMBER(1) DEFAULT 0 NOT NULL,
+ id_token_validity_seconds NUMBER(19) DEFAULT 600 NOT NULL,
+
+ client_id VARCHAR2(256),
+ client_secret VARCHAR2(2048),
+ access_token_validity_seconds NUMBER(19),
+ refresh_token_validity_seconds NUMBER(19),
+
+ application_type VARCHAR2(256),
+ client_name VARCHAR2(256),
+ token_endpoint_auth_method VARCHAR2(256),
+ subject_type VARCHAR2(256),
+
+ logo_uri VARCHAR2(2048),
+ policy_uri VARCHAR2(2048),
+ client_uri VARCHAR2(2048),
+ tos_uri VARCHAR2(2048),
+
+ jwks_uri VARCHAR2(2048),
+ jwks CLOB,
+ sector_identifier_uri VARCHAR2(2048),
+
+ request_object_signing_alg VARCHAR2(256),
+
+ user_info_signed_response_alg VARCHAR2(256),
+ user_info_encrypted_resp_alg VARCHAR2(256),
+ user_info_encrypted_resp_enc VARCHAR2(256),
+
+ id_token_signed_response_alg VARCHAR2(256),
+ id_token_encrypted_resp_alg VARCHAR2(256),
+ id_token_encrypted_resp_enc VARCHAR2(256),
+
+ token_endpoint_auth_sign_alg VARCHAR2(256),
+
+ default_max_age NUMBER(19),
+ require_auth_time NUMBER(1),
+ created_at TIMESTAMP,
+ initiate_login_uri VARCHAR2(2048),
+ clear_access_tokens_on_refresh NUMBER(1) DEFAULT 1 NOT NULL,
+
+ software_statement VARCHAR2(4000),
+
+ code_challenge_method VARCHAR2(256),
+
+ CONSTRAINT client_details_unique UNIQUE (client_id)
+);
+CREATE SEQUENCE client_details_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+
+CREATE TABLE client_request_uri (
+ owner_id NUMBER(19),
+ request_uri VARCHAR2(2000)
+);
+
+CREATE TABLE client_post_logout_redir_uri (
+ owner_id NUMBER(19),
+ post_logout_redirect_uri VARCHAR2(2000)
+);
+
+CREATE TABLE client_default_acr_value (
+ owner_id NUMBER(19),
+ default_acr_value VARCHAR2(2000)
+);
+
+CREATE TABLE client_contact (
+ owner_id NUMBER(19),
+ contact VARCHAR2(256)
+);
+
+CREATE TABLE client_redirect_uri (
+ owner_id NUMBER(19),
+ redirect_uri VARCHAR2(2048)
+);
+
+CREATE TABLE client_claims_redirect_uri (
+ owner_id NUMBER(19),
+ redirect_uri VARCHAR2(2048)
+);
+
+CREATE TABLE refresh_token (
+ id NUMBER(19) NOT NULL PRIMARY KEY,
+ token_value VARCHAR2(4000),
+ expiration TIMESTAMP,
+ auth_holder_id NUMBER(19),
+ client_id NUMBER(19)
+);
+CREATE SEQUENCE refresh_token_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+
+CREATE TABLE client_resource (
+ owner_id NUMBER(19),
+ resource_id VARCHAR2(256)
+);
+
+CREATE TABLE client_scope (
+ owner_id NUMBER(19),
+ scope VARCHAR2(2048)
+);
+
+CREATE TABLE token_scope (
+ owner_id NUMBER(19),
+ scope VARCHAR2(2048)
+);
+
+CREATE TABLE system_scope (
+ id NUMBER(19) NOT NULL PRIMARY KEY,
+ scope VARCHAR2(256) NOT NULL,
+ description VARCHAR2(4000),
+ icon VARCHAR2(256),
+ restricted NUMBER(1) DEFAULT 0 NOT NULL,
+ default_scope NUMBER(1) DEFAULT 0 NOT NULL,
+ structured NUMBER(1) DEFAULT 0 NOT NULL,
+ structured_param_description VARCHAR2(256),
+
+ CONSTRAINT system_scope_unique UNIQUE (scope)
+);
+CREATE SEQUENCE system_scope_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+
+CREATE TABLE user_info (
+ id NUMBER(19) NOT NULL PRIMARY KEY,
+ sub VARCHAR2(256),
+ preferred_username VARCHAR2(256),
+ name VARCHAR2(256),
+ given_name VARCHAR2(256),
+ family_name VARCHAR2(256),
+ middle_name VARCHAR2(256),
+ nickname VARCHAR2(256),
+ profile VARCHAR2(256),
+ picture VARCHAR2(256),
+ website VARCHAR2(256),
+ email VARCHAR2(256),
+ email_verified NUMBER(1),
+ gender VARCHAR2(256),
+ zone_info VARCHAR2(256),
+ locale VARCHAR2(256),
+ phone_number VARCHAR2(256),
+ phone_number_verified NUMBER(1),
+ address_id VARCHAR2(256),
+ updated_time VARCHAR2(256),
+ birthdate VARCHAR2(256),
+ src VARCHAR2(4000)
+);
+CREATE SEQUENCE user_info_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+
+CREATE TABLE whitelisted_site (
+ id NUMBER(19) NOT NULL PRIMARY KEY,
+ creator_user_id VARCHAR2(256),
+ client_id VARCHAR2(256)
+);
+CREATE SEQUENCE whitelisted_site_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+
+CREATE TABLE whitelisted_site_scope (
+ owner_id NUMBER(19),
+ scope VARCHAR2(256)
+);
+
+CREATE TABLE pairwise_identifier (
+ id NUMBER(19) NOT NULL PRIMARY KEY,
+ identifier VARCHAR2(256),
+ sub VARCHAR2(256),
+ sector_identifier VARCHAR2(2048)
+);
+CREATE SEQUENCE pairwise_identifier_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+
+CREATE TABLE resource_set (
+ id NUMBER(19) NOT NULL PRIMARY KEY,
+ name VARCHAR2(1024) NOT NULL,
+ uri VARCHAR2(1024),
+ icon_uri VARCHAR2(1024),
+ rs_type VARCHAR2(256),
+ owner VARCHAR2(256) NOT NULL,
+ client_id VARCHAR2(256)
+);
+CREATE SEQUENCE resource_set_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+
+CREATE TABLE resource_set_scope (
+ owner_id NUMBER(19) NOT NULL,
+ scope VARCHAR2(256) NOT NULL
+);
+
+CREATE TABLE permission_ticket (
+ id NUMBER(19) NOT NULL PRIMARY KEY,
+ ticket VARCHAR2(256) NOT NULL,
+ permission_id NUMBER(19) NOT NULL,
+ expiration TIMESTAMP
+);
+CREATE SEQUENCE permission_ticket_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+
+CREATE TABLE permission (
+ id NUMBER(19) NOT NULL PRIMARY KEY,
+ resource_set_id NUMBER(19)
+);
+CREATE SEQUENCE permission_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+
+CREATE TABLE permission_scope (
+ owner_id NUMBER(19) NOT NULL,
+ scope VARCHAR2(256) NOT NULL
+);
+
+CREATE TABLE claim (
+ id NUMBER(19) NOT NULL PRIMARY KEY,
+ name VARCHAR2(256),
+ friendly_name VARCHAR2(1024),
+ claim_type VARCHAR2(1024),
+ claim_value VARCHAR2(1024)
+);
+CREATE SEQUENCE claim_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+
+CREATE TABLE claim_to_policy (
+ policy_id NUMBER(19) NOT NULL,
+ claim_id NUMBER(19) NOT NULL
+);
+
+CREATE TABLE claim_to_permission_ticket (
+ permission_ticket_id NUMBER(19) NOT NULL,
+ claim_id NUMBER(19) NOT NULL
+);
+
+CREATE TABLE policy (
+ id NUMBER(19) NOT NULL PRIMARY KEY,
+ name VARCHAR2(1024),
+ resource_set_id NUMBER(19)
+);
+CREATE SEQUENCE policy_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+
+CREATE TABLE policy_scope (
+ owner_id NUMBER(19) NOT NULL,
+ scope VARCHAR2(256) NOT NULL
+);
+
+CREATE TABLE claim_token_format (
+ owner_id NUMBER(19) NOT NULL,
+ claim_token_format VARCHAR2(1024) NOT NULL
+);
+
+CREATE TABLE claim_issuer (
+ owner_id NUMBER(19) NOT NULL,
+ issuer VARCHAR2(1024) NOT NULL
+);
+
+CREATE TABLE saved_registered_client (
+ id NUMBER(19) NOT NULL PRIMARY KEY,
+ issuer VARCHAR2(1024),
+ registered_client CLOB
+);
+CREATE SEQUENCE saved_registered_client_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+
+CREATE INDEX at_tv_idx ON access_token(token_value);
+CREATE INDEX ts_oi_idx ON token_scope(owner_id);
+CREATE INDEX at_exp_idx ON access_token(expiration);
+CREATE INDEX rf_ahi_idx ON refresh_token(auth_holder_id);
\ No newline at end of file
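Review bot: `refresh_token.token_value` (line 411) and `authorization_code.code` (line 303) get no index, while `access_token.token_value` is indexed by `at_tv_idx` at line 576; if refresh tokens and codes are looked up by value the way access tokens evidently are, those lookups will be full table scans, and `code` additionally has no UNIQUE constraint. Suggest adding, next to the existing indexes, `CREATE INDEX rf_tv_idx ON refresh_token(token_value);` and `CREATE UNIQUE INDEX ac_code_idx ON authorization_code(code);` (constructed names following the `at_tv_idx` pattern) — confirm against the other vendors' schema files first so the Oracle script does not diverge. Also worth a comment: no table in this file declares a FOREIGN KEY, so `owner_id` and `*_id` columns are unchecked and rows can be orphaned when a client or token is deleted; if that deliberately mirrors the existing schema scripts, a one-line header note saying so would save the next reader the question.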
diff --git a/openid-connect-server-webapp/src/main/resources/db/tables/security-schema_oracle.sql b/openid-connect-server-webapp/src/main/resources/db/tables/security-schema_oracle.sql
new file mode 100644
index 000000000..b27c6ae6e
--- /dev/null
+++ b/openid-connect-server-webapp/src/main/resources/db/tables/security-schema_oracle.sql
@@ -0,0 +1,16 @@
+--
+-- Tables for Spring Security's user details service
+--
+
+create table users(
+ username varchar2(50) not null primary key,
+ password varchar2(50) not null,
+ enabled number(19) not null
+);
+
+create table authorities (
+ username varchar2(50) not null,
+ authority varchar2(50) not null,
+ constraint fk_authorities_users foreign key(username) references users(username),
+ constraint ix_authority unique (username,authority)
+);
\ No newline at end of file
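Review bot: `users.password` at line 593 is `varchar2(50)`, which cannot hold a bcrypt hash (60 characters), so this column can only ever store plaintext or a short legacy hash — and the seeded `'password'` values in users_oracle.sql are indeed copied into it unchanged by the MERGE there. Spring Security's current reference schema sizes this column at 500 to accommodate `{encoder}`-prefixed hashes; suggest `password varchar2(500) not null,` here and the matching `VARCHAR2(50)` in `users_TEMP` (loading_temp_tables_oracle.sql) if a hashing encoder is or will be configured. `enabled` is `number(19)` at line 594 while every other boolean in these scripts, including `users_TEMP.enabled`, is `NUMBER(1)`; `NUMBER(1)` would be consistent. Keyword case is also lowercase in this file and uppercase in the other new Oracle scripts.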
diff --git a/openid-connect-server-webapp/src/main/resources/db/users_oracle.sql b/openid-connect-server-webapp/src/main/resources/db/users_oracle.sql
new file mode 100644
index 000000000..732a13f16
--- /dev/null
+++ b/openid-connect-server-webapp/src/main/resources/db/users_oracle.sql
@@ -0,0 +1,39 @@
+--
+-- Insert user information into the temporary tables. To add users to the Oracle database, edit things here.
+--
+
+INSERT INTO users_TEMP (username, password, enabled) VALUES ('admin','password',1);
+INSERT INTO users_TEMP (username, password, enabled) VALUES ('user','password',1);
+
+
+INSERT INTO authorities_TEMP (username, authority) VALUES ('admin','ROLE_ADMIN');
+INSERT INTO authorities_TEMP (username, authority) VALUES('admin','ROLE_USER');
+INSERT INTO authorities_TEMP (username, authority) VALUES('user','ROLE_USER');
+
+-- By default, the username column here has to match the username column in the users table, above
+INSERT INTO user_info_TEMP (sub, preferred_username, name, email, email_verified) VALUES ('90342.ASDFJWFA','admin','Demo Admin','admin@example.com', 1);
+INSERT INTO user_info_TEMP (sub, preferred_username, name, email, email_verified) VALUES ('01921.FLANRJQW','user','Demo User','user@example.com', 1);
+
+
+--
+-- Merge the temporary users safely into the database. This is a two-step process to keep users from being created on every startup with a persistent store.
+--
+
+MERGE INTO users
+ USING (SELECT username, password, enabled FROM users_TEMP) vals
+ ON (vals.username = users.username)
+ WHEN NOT MATCHED THEN
+ INSERT (username, password, enabled) VALUES(vals.username, vals.password, vals.enabled);
+
+MERGE INTO authorities
+ USING (SELECT username, authority FROM authorities_TEMP) vals
+ ON (vals.username = authorities.username AND vals.authority = authorities.authority)
+ WHEN NOT MATCHED THEN
+ INSERT (username,authority) values (vals.username, vals.authority);
+
+MERGE INTO user_info
+ USING (SELECT sub, preferred_username, name, email, email_verified FROM user_info_TEMP) vals
+ ON (vals.preferred_username = user_info.preferred_username)
+ WHEN NOT MATCHED THEN
+ INSERT (id, sub, preferred_username, name, email, email_verified) VALUES (user_info_seq.nextval, vals.sub, vals.preferred_username, vals.name, vals.email,
+ vals.email_verified);
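Review bot: The seeded accounts at lines 614–615 use the literal password `'password'` for both `admin` and `user`, and because the MERGE at line 631 only inserts on WHEN NOT MATCHED these defaults persist across restarts on a persistent store; the header says to edit things here but not that the default credentials must be changed before any non-local deployment. Suggest adding under the header: `-- The 'admin'/'user' accounts below are demo accounts with a well-known password; change or remove them before deploying against a shared database.` The `user_info` MERGE at line 645 matches on `preferred_username` while `sub` is the primary key of `user_info_TEMP` (loading_temp_tables_oracle.sql); if `sub` is the stable identifier, matching on it would avoid a second `user_info` row for the same subject after a rename — worth confirming against the non-Oracle users script before changing.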
diff --git a/openid-connect-server-webapp/src/main/resources/entity-mappings_oracle.xml b/openid-connect-server-webapp/src/main/resources/entity-mappings_oracle.xml
new file mode 100644
index 000000000..b1b074ac8
--- /dev/null
+++ b/openid-connect-server-webapp/src/main/resources/entity-mappings_oracle.xml
@@ -0,0 +1,266 @@
+
+
+ OpenID Connect Server entities
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/data-context.xml b/openid-connect-server-webapp/src/main/webapp/WEB-INF/data-context.xml
index 41b6c8688..13c16ddb7 100644
--- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/data-context.xml
+++ b/openid-connect-server-webapp/src/main/webapp/WEB-INF/data-context.xml
@@ -94,4 +94,29 @@
-->
+
+
+
+
+
+
+
+
diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/jpa-config.xml b/openid-connect-server-webapp/src/main/webapp/WEB-INF/jpa-config.xml
index 5df98b83c..1b977626a 100644
--- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/jpa-config.xml
+++ b/openid-connect-server-webapp/src/main/webapp/WEB-INF/jpa-config.xml
@@ -48,6 +48,8 @@
+
+