diff --git a/persistence/sql/migrations/20241609000001000000_device_flow.cockroach.up.sql b/persistence/sql/migrations/20241609000001000000_device_flow.cockroach.up.sql
index 69d926ba28..5f2d1b3a53 100644
--- a/persistence/sql/migrations/20241609000001000000_device_flow.cockroach.up.sql
+++ b/persistence/sql/migrations/20241609000001000000_device_flow.cockroach.up.sql
@@ -1,58 +1,34 @@
 -- Migration generated by the command below; DO NOT EDIT.
 -- hydra:generate hydra migrate gen
-CREATE TABLE IF NOT EXISTS hydra_oauth2_device_code
+CREATE TABLE IF NOT EXISTS hydra_oauth2_device_auth_codes
 (
- signature VARCHAR(255) NOT NULL PRIMARY KEY,
- request_id VARCHAR(40) NOT NULL DEFAULT '',
- requested_at TIMESTAMP NOT NULL DEFAULT NOW(),
- client_id VARCHAR(255) NOT NULL DEFAULT '',
- scope TEXT NOT NULL,
- granted_scope TEXT NOT NULL,
- form_data TEXT NOT NULL,
- session_data TEXT NOT NULL,
- subject VARCHAR(255) NOT NULL DEFAULT '',
- active BOOL NOT NULL DEFAULT true,
- requested_audience TEXT NOT NULL,
- granted_audience TEXT NOT NULL,
- challenge_id VARCHAR(40) NULL,
- expires_at TIMESTAMP NULL,
- nid UUID NOT NULL,
+ device_code_signature VARCHAR(255) NOT NULL,
+ user_code_signature VARCHAR(255) NOT NULL,
+ request_id VARCHAR(40) NOT NULL,
+ requested_at TIMESTAMP NOT NULL DEFAULT NOW(),
+ client_id VARCHAR(255) NOT NULL,
+ scope TEXT NOT NULL,
+ granted_scope TEXT NOT NULL,
+ form_data TEXT NOT NULL,
+ session_data TEXT NOT NULL,
+ subject VARCHAR(255) NOT NULL DEFAULT '',
+ device_code_active BOOL NOT NULL DEFAULT true,
+ user_code_state SMALLINT NOT NULL DEFAULT 0,
+ requested_audience TEXT NULL DEFAULT '',
+ granted_audience TEXT NULL DEFAULT '',
+ challenge_id VARCHAR(40) NULL,
+ expires_at TIMESTAMP NULL,
+ nid UUID NULL,
 
 FOREIGN KEY (client_id, nid) REFERENCES hydra_client(id, nid) ON DELETE CASCADE,
- FOREIGN KEY (nid) REFERENCES networks(id) ON UPDATE RESTRICT ON DELETE CASCADE
+ FOREIGN KEY (nid) REFERENCES networks(id) ON UPDATE RESTRICT ON DELETE CASCADE,
+ PRIMARY KEY (device_code_signature, nid)
 );
 
-CREATE INDEX hydra_oauth2_device_code_request_id_idx ON hydra_oauth2_device_code (request_id, nid);
-CREATE INDEX hydra_oauth2_device_code_client_id_idx ON hydra_oauth2_device_code (client_id, nid);
-CREATE INDEX hydra_oauth2_device_code_challenge_id_idx ON hydra_oauth2_device_code (challenge_id);
-CREATE INDEX hydra_oauth2_device_code_expires_at_idx ON hydra_oauth2_device_code (expires_at);
-
-CREATE TABLE IF NOT EXISTS hydra_oauth2_user_code
-(
- signature VARCHAR(255) NOT NULL PRIMARY KEY,
- request_id VARCHAR(40) NOT NULL DEFAULT '',
- requested_at TIMESTAMP NOT NULL DEFAULT NOW(),
- client_id VARCHAR(255) NOT NULL DEFAULT '',
- scope TEXT NOT NULL,
- granted_scope TEXT NOT NULL,
- form_data TEXT NOT NULL,
- session_data TEXT NOT NULL,
- subject VARCHAR(255) NOT NULL DEFAULT '',
- active BOOL NOT NULL DEFAULT true,
- requested_audience TEXT NOT NULL,
- granted_audience TEXT NOT NULL,
- challenge_id VARCHAR(40) NULL,
- expires_at TIMESTAMP NULL,
- nid UUID NOT NULL,
-
- FOREIGN KEY (client_id, nid) REFERENCES hydra_client(id, nid) ON DELETE CASCADE,
- FOREIGN KEY (nid) REFERENCES networks(id) ON UPDATE RESTRICT ON DELETE CASCADE
-);
-
-CREATE INDEX hydra_oauth2_user_code_request_id_idx ON hydra_oauth2_user_code (request_id, nid);
-CREATE INDEX hydra_oauth2_user_code_client_id_idx ON hydra_oauth2_user_code (client_id, nid);
-CREATE INDEX hydra_oauth2_user_code_challenge_id_idx ON hydra_oauth2_user_code (challenge_id);
-CREATE INDEX hydra_oauth2_user_code_expires_at_idx ON hydra_oauth2_device_code (expires_at);
+CREATE INDEX hydra_oauth2_device_auth_codes_request_id_idx ON hydra_oauth2_device_auth_codes (request_id, nid);
+CREATE INDEX hydra_oauth2_device_auth_codes_client_id_idx ON hydra_oauth2_device_auth_codes (client_id, nid);
+CREATE INDEX hydra_oauth2_device_auth_codes_challenge_id_idx ON hydra_oauth2_device_auth_codes (challenge_id);
+CREATE UNIQUE INDEX hydra_oauth2_device_auth_codes_user_code_signature_idx ON hydra_oauth2_device_auth_codes (user_code_signature, nid);
 
 ALTER TABLE hydra_oauth2_flow ADD COLUMN device_challenge_id VARCHAR(255) NULL;
 ALTER TABLE hydra_oauth2_flow ADD COLUMN device_code_request_id VARCHAR(255) NULL;
diff --git a/persistence/sql/migrations/20241609000001000000_device_flow.down.sql b/persistence/sql/migrations/20241609000001000000_device_flow.down.sql
index 54ceefff83..74f893a46c 100644
--- a/persistence/sql/migrations/20241609000001000000_device_flow.down.sql
+++ b/persistence/sql/migrations/20241609000001000000_device_flow.down.sql
@@ -1,16 +1,10 @@
 -- Migration generated by the command below; DO NOT EDIT.
 -- hydra:generate hydra migrate gen
-ALTER TABLE hydra_oauth2_device_code DROP FOREIGN KEY IF EXISTS hydra_oauth2_device_code_challenge_id_fk;
-ALTER TABLE hydra_oauth2_device_code DROP FOREIGN KEY IF EXISTS hydra_oauth2_device_code_client_id_fk;
-ALTER TABLE hydra_oauth2_device_code DROP FOREIGN KEY IF EXISTS hydra_oauth2_device_code_nid_fk_idx;
+ALTER TABLE hydra_oauth2_device_auth_codes DROP FOREIGN KEY IF EXISTS hydra_oauth2_device_auth_codes_challenge_id_fk;
+ALTER TABLE hydra_oauth2_device_auth_codes DROP FOREIGN KEY IF EXISTS hydra_oauth2_device_auth_codes_client_id_fk;
+ALTER TABLE hydra_oauth2_device_auth_codes DROP FOREIGN KEY IF EXISTS hydra_oauth2_device_auth_codes_nid_fk_idx;
 
-DROP TABLE IF EXISTS hydra_oauth2_device_code;
-
-ALTER TABLE hydra_oauth2_user_code DROP FOREIGN KEY IF EXISTS hydra_oauth2_user_code_challenge_id_fk;
-ALTER TABLE hydra_oauth2_user_code DROP FOREIGN KEY IF EXISTS hydra_oauth2_user_code_client_id_fk;
-ALTER TABLE hydra_oauth2_user_code DROP FOREIGN KEY IF EXISTS hydra_oauth2_user_code_nid_fk_idx;
-
-DROP TABLE IF EXISTS hydra_oauth2_user_code;
+DROP TABLE IF EXISTS hydra_oauth2_device_auth_codes;
 
 ALTER TABLE hydra_oauth2_flow DROP COLUMN IF EXISTS device_challenge_id;
 ALTER TABLE hydra_oauth2_flow DROP COLUMN IF EXISTS device_code_request_id;
diff --git a/persistence/sql/migrations/20241609000001000000_device_flow.mysql.up.sql b/persistence/sql/migrations/20241609000001000000_device_flow.mysql.up.sql
index c0b6446a0e..1343058ff3 100644
--- a/persistence/sql/migrations/20241609000001000000_device_flow.mysql.up.sql
+++ b/persistence/sql/migrations/20241609000001000000_device_flow.mysql.up.sql
@@ -1,58 +1,34 @@
 -- Migration generated by the command below; DO NOT EDIT.
 -- hydra:generate hydra migrate gen
-CREATE TABLE IF NOT EXISTS hydra_oauth2_device_code
+CREATE TABLE IF NOT EXISTS hydra_oauth2_device_auth_codes
 (
- signature VARCHAR(255) NOT NULL PRIMARY KEY,
- request_id VARCHAR(40) NOT NULL DEFAULT '',
- requested_at TIMESTAMP NOT NULL DEFAULT NOW(),
- client_id VARCHAR(255) NOT NULL DEFAULT '',
- scope TEXT NOT NULL,
- granted_scope TEXT NOT NULL,
- form_data TEXT NOT NULL,
- session_data TEXT NOT NULL,
- subject VARCHAR(255) NOT NULL DEFAULT '',
- active BOOL NOT NULL DEFAULT true,
- requested_audience TEXT NOT NULL,
- granted_audience TEXT NOT NULL,
- challenge_id VARCHAR(40) NULL,
- expires_at TIMESTAMP NULL,
- nid CHAR(36) NOT NULL,
+ device_code_signature VARCHAR(255) NOT NULL,
+ user_code_signature VARCHAR(255) NOT NULL,
+ request_id VARCHAR(40) NOT NULL DEFAULT '',
+ requested_at TIMESTAMP NOT NULL DEFAULT NOW(),
+ client_id VARCHAR(255) NOT NULL,
+ scope TEXT NOT NULL,
+ granted_scope TEXT NOT NULL,
+ form_data TEXT NOT NULL,
+ session_data TEXT NOT NULL,
+ subject VARCHAR(255) NOT NULL DEFAULT '',
+ device_code_active BOOL NOT NULL DEFAULT true,
+ user_code_state SMALLINT NOT NULL DEFAULT 0,
+ requested_audience TEXT NOT NULL,
+ granted_audience TEXT NOT NULL,
+ challenge_id VARCHAR(40) NULL,
+ expires_at TIMESTAMP NULL,
+ nid CHAR(36) NOT NULL,
 
 FOREIGN KEY (client_id, nid) REFERENCES hydra_client(id, nid) ON DELETE CASCADE,
- FOREIGN KEY (nid) REFERENCES networks(id) ON UPDATE RESTRICT ON DELETE CASCADE
+ FOREIGN KEY (nid) REFERENCES networks(id) ON UPDATE RESTRICT ON DELETE CASCADE,
+ PRIMARY KEY (device_code_signature, nid)
 );
 
-CREATE INDEX hydra_oauth2_device_code_request_id_idx ON hydra_oauth2_device_code (request_id, nid);
-CREATE INDEX hydra_oauth2_device_code_client_id_idx ON hydra_oauth2_device_code (client_id, nid);
-CREATE INDEX hydra_oauth2_device_code_challenge_id_idx ON hydra_oauth2_device_code (challenge_id);
-CREATE INDEX hydra_oauth2_device_code_expires_at_idx ON hydra_oauth2_device_code (expires_at);
-
-CREATE TABLE IF NOT EXISTS hydra_oauth2_user_code
-(
- signature VARCHAR(255) NOT NULL PRIMARY KEY,
- request_id VARCHAR(40) NOT NULL DEFAULT '',
- requested_at TIMESTAMP NOT NULL DEFAULT NOW(),
- client_id VARCHAR(255) NOT NULL DEFAULT '',
- scope TEXT NOT NULL,
- granted_scope TEXT NOT NULL,
- form_data TEXT NOT NULL,
- session_data TEXT NOT NULL,
- subject VARCHAR(255) NOT NULL DEFAULT '',
- active BOOL NOT NULL DEFAULT true,
- requested_audience TEXT NOT NULL,
- granted_audience TEXT NOT NULL,
- challenge_id VARCHAR(40) NULL,
- expires_at TIMESTAMP NULL,
- nid CHAR(36) NOT NULL,
-
- FOREIGN KEY (client_id, nid) REFERENCES hydra_client(id, nid) ON DELETE CASCADE,
- FOREIGN KEY (nid) REFERENCES networks(id) ON UPDATE RESTRICT ON DELETE CASCADE
-);
-
-CREATE INDEX hydra_oauth2_user_code_request_id_idx ON hydra_oauth2_user_code (request_id, nid);
-CREATE INDEX hydra_oauth2_user_code_client_id_idx ON hydra_oauth2_user_code (client_id, nid);
-CREATE INDEX hydra_oauth2_user_code_challenge_id_idx ON hydra_oauth2_user_code (challenge_id);
-CREATE INDEX hydra_oauth2_user_code_expires_at_idx ON hydra_oauth2_device_code (expires_at);
+CREATE INDEX hydra_oauth2_device_auth_codes_request_id_idx ON hydra_oauth2_device_auth_codes (request_id, nid);
+CREATE INDEX hydra_oauth2_device_auth_codes_client_id_idx ON hydra_oauth2_device_auth_codes (client_id, nid);
+CREATE INDEX hydra_oauth2_device_auth_codes_challenge_id_idx ON hydra_oauth2_device_auth_codes (challenge_id);
+CREATE UNIQUE INDEX hydra_oauth2_device_auth_codes_user_code_signature_idx ON hydra_oauth2_device_auth_codes (user_code_signature, nid);
 
 ALTER TABLE hydra_oauth2_flow ADD COLUMN device_challenge_id VARCHAR(255) NULL;
 ALTER TABLE hydra_oauth2_flow ADD COLUMN device_code_request_id VARCHAR(255) NULL;
diff --git a/persistence/sql/migrations/20241609000001000000_device_flow.postgres.up.sql b/persistence/sql/migrations/20241609000001000000_device_flow.postgres.up.sql
index 29bc24f69e..8e3a76794f 100644
--- a/persistence/sql/migrations/20241609000001000000_device_flow.postgres.up.sql
+++ b/persistence/sql/migrations/20241609000001000000_device_flow.postgres.up.sql
@@ -1,56 +1,34 @@
 -- Migration generated by the command below; DO NOT EDIT.
 -- hydra:generate hydra migrate gen
-CREATE TABLE IF NOT EXISTS hydra_oauth2_device_code (
- signature VARCHAR(255) NOT NULL PRIMARY KEY,
- request_id VARCHAR(40) NOT NULL,
- requested_at TIMESTAMP NOT NULL DEFAULT NOW(),
- client_id VARCHAR(255) NOT NULL,
- scope TEXT NOT NULL,
- granted_scope TEXT NOT NULL,
- form_data TEXT NOT NULL,
- session_data TEXT NOT NULL,
- subject VARCHAR(255) NOT NULL DEFAULT '',
- active BOOL NOT NULL DEFAULT true,
- requested_audience TEXT NULL DEFAULT '',
- granted_audience TEXT NULL DEFAULT '',
- challenge_id VARCHAR(40) NULL,
- expires_at TIMESTAMP NULL,
- nid UUID NULL,
+CREATE TABLE IF NOT EXISTS hydra_oauth2_device_auth_codes
+(
+ device_code_signature VARCHAR(255) NOT NULL,
+ user_code_signature VARCHAR(255) NOT NULL,
+ request_id VARCHAR(40) NOT NULL,
+ requested_at TIMESTAMP NOT NULL DEFAULT NOW(),
+ client_id VARCHAR(255) NOT NULL,
+ scope TEXT NOT NULL,
+ granted_scope TEXT NOT NULL,
+ form_data TEXT NOT NULL,
+ session_data TEXT NOT NULL,
+ subject VARCHAR(255) NOT NULL DEFAULT '',
+ device_code_active BOOL NOT NULL DEFAULT true,
+ user_code_state SMALLINT NOT NULL DEFAULT 0,
+ requested_audience TEXT NULL DEFAULT '',
+ granted_audience TEXT NULL DEFAULT '',
+ challenge_id VARCHAR(40) NULL,
+ expires_at TIMESTAMP NULL,
+ nid UUID NULL,
 
 FOREIGN KEY (client_id, nid) REFERENCES hydra_client(id, nid) ON DELETE CASCADE,
- FOREIGN KEY (nid) REFERENCES networks(id) ON UPDATE RESTRICT ON DELETE CASCADE
+ FOREIGN KEY (nid) REFERENCES networks(id) ON UPDATE RESTRICT ON DELETE CASCADE,
+ PRIMARY KEY (device_code_signature, nid)
 );
 
-CREATE INDEX hydra_oauth2_device_code_request_id_idx ON hydra_oauth2_device_code (request_id, nid);
-CREATE INDEX hydra_oauth2_device_code_client_id_idx ON hydra_oauth2_device_code (client_id, nid);
-CREATE INDEX hydra_oauth2_device_code_challenge_id_idx ON hydra_oauth2_device_code (challenge_id);
-CREATE INDEX hydra_oauth2_device_code_expires_at_idx ON hydra_oauth2_device_code (expires_at);
-
-CREATE TABLE IF NOT EXISTS hydra_oauth2_user_code (
- signature VARCHAR(255) NOT NULL PRIMARY KEY,
- request_id VARCHAR(40) NOT NULL,
- requested_at TIMESTAMP NOT NULL DEFAULT NOW(),
- client_id VARCHAR(255) NOT NULL,
- scope TEXT NOT NULL,
- granted_scope TEXT NOT NULL,
- form_data TEXT NOT NULL,
- session_data TEXT NOT NULL,
- subject VARCHAR(255) NOT NULL DEFAULT '',
- active BOOL NOT NULL DEFAULT true,
- requested_audience TEXT NULL DEFAULT '',
- granted_audience TEXT NULL DEFAULT '',
- challenge_id VARCHAR(40) NULL,
- expires_at TIMESTAMP NULL,
- nid UUID NULL,
-
- FOREIGN KEY (client_id, nid) REFERENCES hydra_client(id, nid) ON DELETE CASCADE,
- FOREIGN KEY (nid) REFERENCES networks(id) ON UPDATE RESTRICT ON DELETE CASCADE
-);
-
-CREATE INDEX hydra_oauth2_user_code_request_id_idx ON hydra_oauth2_user_code (request_id, nid);
-CREATE INDEX hydra_oauth2_user_code_client_id_idx ON hydra_oauth2_user_code (client_id, nid);
-CREATE INDEX hydra_oauth2_user_code_challenge_id_idx ON hydra_oauth2_user_code (challenge_id);
-CREATE INDEX hydra_oauth2_user_code_expires_at_idx ON hydra_oauth2_device_code (expires_at);
+CREATE INDEX hydra_oauth2_device_auth_codes_request_id_idx ON hydra_oauth2_device_auth_codes (request_id, nid);
+CREATE INDEX hydra_oauth2_device_auth_codes_client_id_idx ON hydra_oauth2_device_auth_codes (client_id, nid);
+CREATE INDEX hydra_oauth2_device_auth_codes_challenge_id_idx ON hydra_oauth2_device_auth_codes (challenge_id);
+CREATE UNIQUE INDEX hydra_oauth2_device_auth_codes_user_code_signature_idx ON hydra_oauth2_device_auth_codes (user_code_signature, nid);
 
 ALTER TABLE hydra_oauth2_flow ADD COLUMN device_challenge_id VARCHAR(255) NULL;
 ALTER TABLE hydra_oauth2_flow ADD COLUMN device_code_request_id VARCHAR(255) NULL;
diff --git a/persistence/sql/migrations/20241609000001000000_device_flow.up.sql b/persistence/sql/migrations/20241609000001000000_device_flow.up.sql
index ceb69a1078..47b8f54061 100644
--- a/persistence/sql/migrations/20241609000001000000_device_flow.up.sql
+++ b/persistence/sql/migrations/20241609000001000000_device_flow.up.sql
@@ -1,48 +1,30 @@
 -- Migration generated by the command below; DO NOT EDIT.
 -- hydra:generate hydra migrate gen
-CREATE TABLE IF NOT EXISTS hydra_oauth2_device_code
+CREATE TABLE IF NOT EXISTS hydra_oauth2_device_auth_codes
 (
- signature VARCHAR(255) NOT NULL PRIMARY KEY,
- request_id VARCHAR(40) NOT NULL,
- requested_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ device_code_signature VARCHAR(255) NOT NULL PRIMARY KEY,
+ user_code_signature VARCHAR(255) NOT NULL,
+ request_id VARCHAR(40) NOT NULL,
+ requested_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
 client_id VARCHAR(255) NOT NULL,
- scope TEXT NOT NULL,
- granted_scope TEXT NOT NULL,
- form_data TEXT NOT NULL,
- session_data TEXT NOT NULL,
+ scope TEXT NOT NULL,
+ granted_scope TEXT NOT NULL,
+ form_data TEXT NOT NULL,
+ session_data TEXT NOT NULL,
 subject VARCHAR(255) NOT NULL DEFAULT '',
- active BOOL NOT NULL DEFAULT true,
- requested_audience TEXT NULL DEFAULT '',
- granted_audience TEXT NULL DEFAULT '',
- challenge_id VARCHAR(40) NULL,
+ device_code_active BOOL NOT NULL DEFAULT true,
+ user_code_state SMALLINT NOT NULL DEFAULT 0,
+ requested_audience TEXT NULL DEFAULT '',
+ granted_audience TEXT NULL DEFAULT '',
+ challenge_id VARCHAR(40) NULL,
 expires_at TIMESTAMP NULL,
- nid UUID NULL
+ nid UUID NULL
 );
-CREATE INDEX hydra_oauth2_device_code_request_id_idx ON hydra_oauth2_device_code (request_id, nid);
-CREATE INDEX hydra_oauth2_device_code_client_id_idx ON hydra_oauth2_device_code (client_id, nid);
-CREATE INDEX hydra_oauth2_device_code_challenge_id_idx ON hydra_oauth2_device_code (challenge_id);
-CREATE TABLE IF NOT EXISTS hydra_oauth2_user_code
-(
- signature VARCHAR(255) NOT NULL PRIMARY KEY,
- request_id VARCHAR(40) NOT NULL,
- requested_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
- client_id VARCHAR(255) NOT NULL,
- scope TEXT NOT NULL,
- granted_scope TEXT NOT NULL,
- form_data TEXT NOT NULL,
- session_data TEXT NOT NULL,
- subject VARCHAR(255) NOT NULL DEFAULT '',
- active BOOL NOT NULL DEFAULT true,
- requested_audience TEXT NULL DEFAULT '',
- granted_audience TEXT NULL DEFAULT '',
- challenge_id VARCHAR(40) NULL,
- expires_at TIMESTAMP NULL,
- nid UUID NULL
-);
-CREATE INDEX hydra_oauth2_user_code_request_id_idx ON hydra_oauth2_user_code (request_id, nid);
-CREATE INDEX hydra_oauth2_user_code_client_id_idx ON hydra_oauth2_user_code (client_id, nid);
-CREATE INDEX hydra_oauth2_user_code_challenge_id_idx ON hydra_oauth2_user_code (challenge_id);
+CREATE INDEX hydra_oauth2_device_auth_codes_request_id_idx ON hydra_oauth2_device_auth_codes (request_id, nid);
+CREATE INDEX hydra_oauth2_device_auth_codes_client_id_idx ON hydra_oauth2_device_auth_codes (client_id, nid);
+CREATE INDEX hydra_oauth2_device_auth_codes_challenge_id_idx ON hydra_oauth2_device_auth_codes (challenge_id);
+CREATE UNIQUE INDEX hydra_oauth2_device_auth_codes_user_code_signature_idx ON hydra_oauth2_device_auth_codes (user_code_signature, nid);
 ALTER TABLE hydra_oauth2_flow ADD COLUMN device_challenge_id VARCHAR(255) NULL;
 ALTER TABLE hydra_oauth2_flow ADD COLUMN device_code_request_id VARCHAR(255) NULL;
diff --git a/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.cockroach.up.sql b/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.cockroach.up.sql
index 59fae8ea86..23d3c7721e 100644
--- a/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.cockroach.up.sql
+++ b/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.cockroach.up.sql
@@ -1,56 +1,32 @@
-CREATE TABLE IF NOT EXISTS hydra_oauth2_device_code
+CREATE TABLE IF NOT EXISTS hydra_oauth2_device_auth_codes
 (
- signature VARCHAR(255) NOT NULL PRIMARY KEY,
- request_id VARCHAR(40) NOT NULL DEFAULT '',
- requested_at TIMESTAMP NOT NULL DEFAULT NOW(),
- client_id VARCHAR(255) NOT NULL DEFAULT '',
- scope TEXT NOT NULL,
- granted_scope TEXT NOT NULL,
- form_data TEXT NOT NULL,
- session_data TEXT NOT NULL,
- subject VARCHAR(255) NOT NULL DEFAULT '',
- active BOOL NOT NULL DEFAULT true,
- requested_audience TEXT NOT NULL,
- granted_audience TEXT NOT NULL,
- challenge_id VARCHAR(40) NULL,
- expires_at TIMESTAMP NULL,
- nid UUID NOT NULL,
+ device_code_signature VARCHAR(255) NOT NULL,
+ user_code_signature VARCHAR(255) NOT NULL,
+ request_id VARCHAR(40) NOT NULL,
+ requested_at TIMESTAMP NOT NULL DEFAULT NOW(),
+ client_id VARCHAR(255) NOT NULL,
+ scope TEXT NOT NULL,
+ granted_scope TEXT NOT NULL,
+ form_data TEXT NOT NULL,
+ session_data TEXT NOT NULL,
+ subject VARCHAR(255) NOT NULL DEFAULT '',
+ device_code_active BOOL NOT NULL DEFAULT true,
+ user_code_state SMALLINT NOT NULL DEFAULT 0,
+ requested_audience TEXT NULL DEFAULT '',
+ granted_audience TEXT NULL DEFAULT '',
+ challenge_id VARCHAR(40) NULL,
+ expires_at TIMESTAMP NULL,
+ nid UUID NULL,
 
 FOREIGN KEY (client_id, nid) REFERENCES hydra_client(id, nid) ON DELETE CASCADE,
- FOREIGN KEY (nid) REFERENCES networks(id) ON UPDATE RESTRICT ON DELETE CASCADE
+ FOREIGN KEY (nid) REFERENCES networks(id) ON UPDATE RESTRICT ON DELETE CASCADE,
+ PRIMARY KEY (device_code_signature, nid)
 );
 
-CREATE INDEX hydra_oauth2_device_code_request_id_idx ON hydra_oauth2_device_code (request_id, nid);
-CREATE INDEX hydra_oauth2_device_code_client_id_idx ON hydra_oauth2_device_code (client_id, nid);
-CREATE INDEX hydra_oauth2_device_code_challenge_id_idx ON hydra_oauth2_device_code (challenge_id);
-CREATE INDEX hydra_oauth2_device_code_expires_at_idx ON hydra_oauth2_device_code (expires_at);
-
-CREATE TABLE IF NOT EXISTS hydra_oauth2_user_code
-(
- signature VARCHAR(255) NOT NULL PRIMARY KEY,
- request_id VARCHAR(40) NOT NULL DEFAULT '',
- requested_at TIMESTAMP NOT NULL DEFAULT NOW(),
- client_id VARCHAR(255) NOT NULL DEFAULT '',
- scope TEXT NOT NULL,
- granted_scope TEXT NOT NULL,
- form_data TEXT NOT NULL,
- session_data TEXT NOT NULL,
- subject VARCHAR(255) NOT NULL DEFAULT '',
- active BOOL NOT NULL DEFAULT true,
- requested_audience TEXT NOT NULL,
- granted_audience TEXT NOT NULL,
- challenge_id VARCHAR(40) NULL,
- expires_at TIMESTAMP NULL,
- nid UUID NOT NULL,
-
- FOREIGN KEY (client_id, nid) REFERENCES hydra_client(id, nid) ON DELETE CASCADE,
- FOREIGN KEY (nid) REFERENCES networks(id) ON UPDATE RESTRICT ON DELETE CASCADE
-);
-
-CREATE INDEX hydra_oauth2_user_code_request_id_idx ON hydra_oauth2_user_code (request_id, nid);
-CREATE INDEX hydra_oauth2_user_code_client_id_idx ON hydra_oauth2_user_code (client_id, nid);
-CREATE INDEX hydra_oauth2_user_code_challenge_id_idx ON hydra_oauth2_user_code (challenge_id);
-CREATE INDEX hydra_oauth2_user_code_expires_at_idx ON hydra_oauth2_device_code (expires_at);
+CREATE INDEX hydra_oauth2_device_auth_codes_request_id_idx ON hydra_oauth2_device_auth_codes (request_id, nid);
+CREATE INDEX hydra_oauth2_device_auth_codes_client_id_idx ON hydra_oauth2_device_auth_codes (client_id, nid);
+CREATE INDEX hydra_oauth2_device_auth_codes_challenge_id_idx ON hydra_oauth2_device_auth_codes (challenge_id);
+CREATE UNIQUE INDEX hydra_oauth2_device_auth_codes_user_code_signature_idx ON hydra_oauth2_device_auth_codes (user_code_signature, nid);
 
 ALTER TABLE hydra_oauth2_flow ADD COLUMN device_challenge_id VARCHAR(255) NULL;
 ALTER TABLE hydra_oauth2_flow ADD COLUMN device_code_request_id VARCHAR(255) NULL;
diff --git a/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.down.sql b/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.down.sql
index 2547f10e76..d40f5b1ced 100644
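Review bot: `nid UUID NULL` is declared in the same CREATE TABLE that makes `nid` part of `PRIMARY KEY (device_code_signature, nid)`, and it replaces the previous `nid UUID NOT NULL`; CockroachDB will force the column NOT NULL anyway, so the declaration is contradictory and also diverges from the MySQL variant's `nid CHAR(36) NOT NULL` — write `nid UUID NOT NULL,`. The old `hydra_oauth2_device_code_expires_at_idx` is dropped with no replacement on the new table; if expired device/user codes are purged by a query that filters on `expires_at` (not visible here), that purge now scans the whole table, so consider `CREATE INDEX hydra_oauth2_device_auth_codes_expires_at_idx ON hydra_oauth2_device_auth_codes (expires_at);`. `user_code_state SMALLINT NOT NULL DEFAULT 0` accepts any value; if the state set is fixed, a `CHECK (user_code_state IN (...))` would keep an invalid state out of the table that gates token issuance.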
--- a/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.down.sql
+++ b/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.down.sql
@@ -1,14 +1,8 @@
-ALTER TABLE hydra_oauth2_device_code DROP FOREIGN KEY IF EXISTS hydra_oauth2_device_code_challenge_id_fk;
-ALTER TABLE hydra_oauth2_device_code DROP FOREIGN KEY IF EXISTS hydra_oauth2_device_code_client_id_fk;
-ALTER TABLE hydra_oauth2_device_code DROP FOREIGN KEY IF EXISTS hydra_oauth2_device_code_nid_fk_idx;
+ALTER TABLE hydra_oauth2_device_auth_codes DROP FOREIGN KEY IF EXISTS hydra_oauth2_device_auth_codes_challenge_id_fk;
+ALTER TABLE hydra_oauth2_device_auth_codes DROP FOREIGN KEY IF EXISTS hydra_oauth2_device_auth_codes_client_id_fk;
+ALTER TABLE hydra_oauth2_device_auth_codes DROP FOREIGN KEY IF EXISTS hydra_oauth2_device_auth_codes_nid_fk_idx;
 
-DROP TABLE IF EXISTS hydra_oauth2_device_code;
-
-ALTER TABLE hydra_oauth2_user_code DROP FOREIGN KEY IF EXISTS hydra_oauth2_user_code_challenge_id_fk;
-ALTER TABLE hydra_oauth2_user_code DROP FOREIGN KEY IF EXISTS hydra_oauth2_user_code_client_id_fk;
-ALTER TABLE hydra_oauth2_user_code DROP FOREIGN KEY IF EXISTS hydra_oauth2_user_code_nid_fk_idx;
-
-DROP TABLE IF EXISTS hydra_oauth2_user_code;
+DROP TABLE IF EXISTS hydra_oauth2_device_auth_codes;
 
 ALTER TABLE hydra_oauth2_flow DROP COLUMN IF EXISTS device_challenge_id;
 ALTER TABLE hydra_oauth2_flow DROP COLUMN IF EXISTS device_code_request_id;
diff --git a/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.mysql.up.sql b/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.mysql.up.sql
index 19892b22d8..14a095a240 100644
--- a/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.mysql.up.sql
+++ b/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.mysql.up.sql
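Review bot: The three `DROP FOREIGN KEY IF EXISTS` statements name constraints (`hydra_oauth2_device_auth_codes_challenge_id_fk`, `..._client_id_fk`, `..._nid_fk_idx`) that the matching up migrations in this commit never create — their FOREIGN KEY clauses are unnamed and there is no foreign key on `challenge_id` at all — so they only ever "succeed" because of `IF EXISTS`. `DROP FOREIGN KEY` is also MySQL-specific syntax; if this dialect-less down file is the one executed on PostgreSQL or CockroachDB, it would fail to parse there, which I cannot confirm from the diff alone. Since `DROP TABLE IF EXISTS hydra_oauth2_device_auth_codes;` removes the table together with its constraints, I would delete the three ALTER statements rather than carry renamed dead code, or else give the constraints explicit names in the up migration so that the down actually matches what was created.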
@@ -1,56 +1,32 @@
-CREATE TABLE IF NOT EXISTS hydra_oauth2_device_code
+CREATE TABLE IF NOT EXISTS hydra_oauth2_device_auth_codes
 (
- signature VARCHAR(255) NOT NULL PRIMARY KEY,
- request_id VARCHAR(40) NOT NULL DEFAULT '',
- requested_at TIMESTAMP NOT NULL DEFAULT NOW(),
- client_id VARCHAR(255) NOT NULL DEFAULT '',
- scope TEXT NOT NULL,
- granted_scope TEXT NOT NULL,
- form_data TEXT NOT NULL,
- session_data TEXT NOT NULL,
- subject VARCHAR(255) NOT NULL DEFAULT '',
- active BOOL NOT NULL DEFAULT true,
- requested_audience TEXT NOT NULL,
- granted_audience TEXT NOT NULL,
- challenge_id VARCHAR(40) NULL,
- expires_at TIMESTAMP NULL,
- nid CHAR(36) NOT NULL,
+ device_code_signature VARCHAR(255) NOT NULL,
+ user_code_signature VARCHAR(255) NOT NULL,
+ request_id VARCHAR(40) NOT NULL DEFAULT '',
+ requested_at TIMESTAMP NOT NULL DEFAULT NOW(),
+ client_id VARCHAR(255) NOT NULL,
+ scope TEXT NOT NULL,
+ granted_scope TEXT NOT NULL,
+ form_data TEXT NOT NULL,
+ session_data TEXT NOT NULL,
+ subject VARCHAR(255) NOT NULL DEFAULT '',
+ device_code_active BOOL NOT NULL DEFAULT true,
+ user_code_state SMALLINT NOT NULL DEFAULT 0,
+ requested_audience TEXT NOT NULL,
+ granted_audience TEXT NOT NULL,
+ challenge_id VARCHAR(40) NULL,
+ expires_at TIMESTAMP NULL,
+ nid CHAR(36) NOT NULL,
 
 FOREIGN KEY (client_id, nid) REFERENCES hydra_client(id, nid) ON DELETE CASCADE,
- FOREIGN KEY (nid) REFERENCES networks(id) ON UPDATE RESTRICT ON DELETE CASCADE
+ FOREIGN KEY (nid) REFERENCES networks(id) ON UPDATE RESTRICT ON DELETE CASCADE,
+ PRIMARY KEY (device_code_signature, nid)
 );
 
-CREATE INDEX hydra_oauth2_device_code_request_id_idx ON hydra_oauth2_device_code (request_id, nid);
-CREATE INDEX hydra_oauth2_device_code_client_id_idx ON hydra_oauth2_device_code (client_id, nid);
-CREATE INDEX hydra_oauth2_device_code_challenge_id_idx ON hydra_oauth2_device_code (challenge_id);
-CREATE INDEX hydra_oauth2_device_code_expires_at_idx ON hydra_oauth2_device_code (expires_at);
-
-CREATE TABLE IF NOT EXISTS hydra_oauth2_user_code
-(
- signature VARCHAR(255) NOT NULL PRIMARY KEY,
- request_id VARCHAR(40) NOT NULL DEFAULT '',
- requested_at TIMESTAMP NOT NULL DEFAULT NOW(),
- client_id VARCHAR(255) NOT NULL DEFAULT '',
- scope TEXT NOT NULL,
- granted_scope TEXT NOT NULL,
- form_data TEXT NOT NULL,
- session_data TEXT NOT NULL,
- subject VARCHAR(255) NOT NULL DEFAULT '',
- active BOOL NOT NULL DEFAULT true,
- requested_audience TEXT NOT NULL,
- granted_audience TEXT NOT NULL,
- challenge_id VARCHAR(40) NULL,
- expires_at TIMESTAMP NULL,
- nid CHAR(36) NOT NULL,
-
- FOREIGN KEY (client_id, nid) REFERENCES hydra_client(id, nid) ON DELETE CASCADE,
- FOREIGN KEY (nid) REFERENCES networks(id) ON UPDATE RESTRICT ON DELETE CASCADE
-);
-
-CREATE INDEX hydra_oauth2_user_code_request_id_idx ON hydra_oauth2_user_code (request_id, nid);
-CREATE INDEX hydra_oauth2_user_code_client_id_idx ON hydra_oauth2_user_code (client_id, nid);
-CREATE INDEX hydra_oauth2_user_code_challenge_id_idx ON hydra_oauth2_user_code (challenge_id);
-CREATE INDEX hydra_oauth2_user_code_expires_at_idx ON hydra_oauth2_device_code (expires_at);
+CREATE INDEX hydra_oauth2_device_auth_codes_request_id_idx ON hydra_oauth2_device_auth_codes (request_id, nid);
+CREATE INDEX hydra_oauth2_device_auth_codes_client_id_idx ON hydra_oauth2_device_auth_codes (client_id, nid);
+CREATE INDEX hydra_oauth2_device_auth_codes_challenge_id_idx ON hydra_oauth2_device_auth_codes (challenge_id);
+CREATE UNIQUE INDEX hydra_oauth2_device_auth_codes_user_code_signature_idx ON hydra_oauth2_device_auth_codes (user_code_signature, nid);
 
 ALTER TABLE hydra_oauth2_flow ADD COLUMN device_challenge_id VARCHAR(255) NULL;
 ALTER TABLE hydra_oauth2_flow ADD COLUMN device_code_request_id VARCHAR(255) NULL;
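Review bot: `request_id VARCHAR(40) NOT NULL DEFAULT ''` keeps the empty-string default that the CockroachDB, PostgreSQL and generic variants of this same migration drop (`request_id VARCHAR(40) NOT NULL`), so an insert that omits request_id is accepted on MySQL and rejected on every other backend; I would align it to `request_id VARCHAR(40) NOT NULL,` so the link between a device code row and its request cannot silently be blank on one dialect. The opposite divergence exists for `requested_audience`/`granted_audience`, which are `NOT NULL` here but `NULL DEFAULT ''` elsewhere — MySQL cannot give a TEXT column a default, so this is presumably deliberate, but a one-line comment above the table saying so would spare the next reader the cross-file comparison. As in the other dialects, the former `expires_at` index is not recreated for the new table, which matters if expiry cleanup filters on that column.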
diff --git a/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.postgres.up.sql b/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.postgres.up.sql
index 62b894fd6b..10280acd18 100644
--- a/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.postgres.up.sql
+++ b/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.postgres.up.sql
@@ -1,54 +1,32 @@
-CREATE TABLE IF NOT EXISTS hydra_oauth2_device_code (
- signature VARCHAR(255) NOT NULL PRIMARY KEY,
- request_id VARCHAR(40) NOT NULL,
- requested_at TIMESTAMP NOT NULL DEFAULT NOW(),
- client_id VARCHAR(255) NOT NULL,
- scope TEXT NOT NULL,
- granted_scope TEXT NOT NULL,
- form_data TEXT NOT NULL,
- session_data TEXT NOT NULL,
- subject VARCHAR(255) NOT NULL DEFAULT '',
- active BOOL NOT NULL DEFAULT true,
- requested_audience TEXT NULL DEFAULT '',
- granted_audience TEXT NULL DEFAULT '',
- challenge_id VARCHAR(40) NULL,
- expires_at TIMESTAMP NULL,
- nid UUID NULL,
+CREATE TABLE IF NOT EXISTS hydra_oauth2_device_auth_codes
+(
+ device_code_signature VARCHAR(255) NOT NULL,
+ user_code_signature VARCHAR(255) NOT NULL,
+ request_id VARCHAR(40) NOT NULL,
+ requested_at TIMESTAMP NOT NULL DEFAULT NOW(),
+ client_id VARCHAR(255) NOT NULL,
+ scope TEXT NOT NULL,
+ granted_scope TEXT NOT NULL,
+ form_data TEXT NOT NULL,
+ session_data TEXT NOT NULL,
+ subject VARCHAR(255) NOT NULL DEFAULT '',
+ device_code_active BOOL NOT NULL DEFAULT true,
+ user_code_state SMALLINT NOT NULL DEFAULT 0,
+ requested_audience TEXT NULL DEFAULT '',
+ granted_audience TEXT NULL DEFAULT '',
+ challenge_id VARCHAR(40) NULL,
+ expires_at TIMESTAMP NULL,
+ nid UUID NULL,
 
 FOREIGN KEY (client_id, nid) REFERENCES hydra_client(id, nid) ON DELETE CASCADE,
- FOREIGN KEY (nid) REFERENCES networks(id) ON UPDATE RESTRICT ON DELETE CASCADE
+ FOREIGN KEY (nid) REFERENCES networks(id) ON UPDATE RESTRICT ON DELETE CASCADE,
+ PRIMARY KEY (device_code_signature, nid)
 );
 
-CREATE INDEX hydra_oauth2_device_code_request_id_idx ON hydra_oauth2_device_code (request_id, nid);
-CREATE INDEX hydra_oauth2_device_code_client_id_idx ON hydra_oauth2_device_code (client_id, nid);
-CREATE INDEX hydra_oauth2_device_code_challenge_id_idx ON hydra_oauth2_device_code (challenge_id);
-CREATE INDEX hydra_oauth2_device_code_expires_at_idx ON hydra_oauth2_device_code (expires_at);
-
-CREATE TABLE IF NOT EXISTS hydra_oauth2_user_code (
- signature VARCHAR(255) NOT NULL PRIMARY KEY,
- request_id VARCHAR(40) NOT NULL,
- requested_at TIMESTAMP NOT NULL DEFAULT NOW(),
- client_id VARCHAR(255) NOT NULL,
- scope TEXT NOT NULL,
- granted_scope TEXT NOT NULL,
- form_data TEXT NOT NULL,
- session_data TEXT NOT NULL,
- subject VARCHAR(255) NOT NULL DEFAULT '',
- active BOOL NOT NULL DEFAULT true,
- requested_audience TEXT NULL DEFAULT '',
- granted_audience TEXT NULL DEFAULT '',
- challenge_id VARCHAR(40) NULL,
- expires_at TIMESTAMP NULL,
- nid UUID NULL,
-
- FOREIGN KEY (client_id, nid) REFERENCES hydra_client(id, nid) ON DELETE CASCADE,
- FOREIGN KEY (nid) REFERENCES networks(id) ON UPDATE RESTRICT ON DELETE CASCADE
-);
-
-CREATE INDEX hydra_oauth2_user_code_request_id_idx ON hydra_oauth2_user_code (request_id, nid);
-CREATE INDEX hydra_oauth2_user_code_client_id_idx ON hydra_oauth2_user_code (client_id, nid);
-CREATE INDEX hydra_oauth2_user_code_challenge_id_idx ON hydra_oauth2_user_code (challenge_id);
-CREATE INDEX hydra_oauth2_user_code_expires_at_idx ON hydra_oauth2_device_code (expires_at);
+CREATE INDEX hydra_oauth2_device_auth_codes_request_id_idx ON hydra_oauth2_device_auth_codes (request_id, nid);
+CREATE INDEX hydra_oauth2_device_auth_codes_client_id_idx ON hydra_oauth2_device_auth_codes (client_id, nid);
+CREATE INDEX hydra_oauth2_device_auth_codes_challenge_id_idx ON hydra_oauth2_device_auth_codes (challenge_id);
+CREATE UNIQUE INDEX hydra_oauth2_device_auth_codes_user_code_signature_idx ON hydra_oauth2_device_auth_codes (user_code_signature, nid);
 
 ALTER TABLE hydra_oauth2_flow ADD COLUMN device_challenge_id VARCHAR(255) NULL;
 ALTER TABLE hydra_oauth2_flow ADD COLUMN device_code_request_id VARCHAR(255) NULL;
diff --git a/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.up.sql b/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.up.sql
index 15f7417c62..9327ef347f 100644
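Review bot: `nid UUID NULL` sits in the same CREATE TABLE as `PRIMARY KEY (device_code_signature, nid)`; PostgreSQL implicitly marks primary-key columns NOT NULL, so the declaration is misleading and inconsistent with the MySQL file's `nid CHAR(36) NOT NULL` — write `nid UUID NOT NULL,`. The new `CREATE UNIQUE INDEX ... (user_code_signature, nid)` is the right guard against two pending authorizations sharing a user code within a network, but it means a collision of the short, user-typed code surfaces as a unique-violation at insert time, so the code that generates user codes (not in this diff) needs to regenerate and retry on that error rather than fail the device authorization request. If the set of `user_code_state` values is fixed, a `CHECK` constraint on that column would document it in the schema rather than only in application code.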
--- a/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.up.sql
+++ b/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.up.sql
@@ -1,46 +1,28 @@
-CREATE TABLE IF NOT EXISTS hydra_oauth2_device_code
+CREATE TABLE IF NOT EXISTS hydra_oauth2_device_auth_codes
 (
- signature VARCHAR(255) NOT NULL PRIMARY KEY,
- request_id VARCHAR(40) NOT NULL,
- requested_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ device_code_signature VARCHAR(255) NOT NULL PRIMARY KEY,
+ user_code_signature VARCHAR(255) NOT NULL,
+ request_id VARCHAR(40) NOT NULL,
+ requested_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
 client_id VARCHAR(255) NOT NULL,
- scope TEXT NOT NULL,
- granted_scope TEXT NOT NULL,
- form_data TEXT NOT NULL,
- session_data TEXT NOT NULL,
+ scope TEXT NOT NULL,
+ granted_scope TEXT NOT NULL,
+ form_data TEXT NOT NULL,
+ session_data TEXT NOT NULL,
 subject VARCHAR(255) NOT NULL DEFAULT '',
- active BOOL NOT NULL DEFAULT true,
- requested_audience TEXT NULL DEFAULT '',
- granted_audience TEXT NULL DEFAULT '',
- challenge_id VARCHAR(40) NULL,
+ device_code_active BOOL NOT NULL DEFAULT true,
+ user_code_state SMALLINT NOT NULL DEFAULT 0,
+ requested_audience TEXT NULL DEFAULT '',
+ granted_audience TEXT NULL DEFAULT '',
+ challenge_id VARCHAR(40) NULL,
 expires_at TIMESTAMP NULL,
- nid UUID NULL
+ nid UUID NULL
 );
-CREATE INDEX hydra_oauth2_device_code_request_id_idx ON hydra_oauth2_device_code (request_id, nid);
-CREATE INDEX hydra_oauth2_device_code_client_id_idx ON hydra_oauth2_device_code (client_id, nid);
-CREATE INDEX hydra_oauth2_device_code_challenge_id_idx ON hydra_oauth2_device_code (challenge_id);
-CREATE TABLE IF NOT EXISTS hydra_oauth2_user_code
-(
- signature VARCHAR(255) NOT NULL PRIMARY KEY,
- request_id VARCHAR(40) NOT NULL,
- requested_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
- client_id VARCHAR(255) NOT NULL,
- scope TEXT NOT NULL,
- granted_scope TEXT NOT NULL,
- form_data TEXT NOT NULL,
- session_data TEXT NOT NULL,
- subject VARCHAR(255) NOT NULL DEFAULT '',
- active BOOL NOT NULL DEFAULT true,
- requested_audience TEXT NULL DEFAULT '',
- granted_audience TEXT NULL DEFAULT '',
- challenge_id VARCHAR(40) NULL,
- expires_at TIMESTAMP NULL,
- nid UUID NULL
-);
-CREATE INDEX hydra_oauth2_user_code_request_id_idx ON hydra_oauth2_user_code (request_id, nid);
-CREATE INDEX hydra_oauth2_user_code_client_id_idx ON hydra_oauth2_user_code (client_id, nid);
-CREATE INDEX hydra_oauth2_user_code_challenge_id_idx ON hydra_oauth2_user_code (challenge_id);
+CREATE INDEX hydra_oauth2_device_auth_codes_request_id_idx ON hydra_oauth2_device_auth_codes (request_id, nid);
+CREATE INDEX hydra_oauth2_device_auth_codes_client_id_idx ON hydra_oauth2_device_auth_codes (client_id, nid);
+CREATE INDEX hydra_oauth2_device_auth_codes_challenge_id_idx ON hydra_oauth2_device_auth_codes (challenge_id);
+CREATE UNIQUE INDEX hydra_oauth2_device_auth_codes_user_code_signature_idx ON hydra_oauth2_device_auth_codes (user_code_signature, nid);
 ALTER TABLE hydra_oauth2_flow ADD COLUMN device_challenge_id VARCHAR(255) NULL;
 ALTER TABLE hydra_oauth2_flow ADD COLUMN device_code_request_id VARCHAR(255) NULL;
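Review bot: `device_code_signature VARCHAR(255) NOT NULL PRIMARY KEY` makes the key single-column in this dialect-less file, whereas the CockroachDB, PostgreSQL and MySQL variants key on `(device_code_signature, nid)`, and the user-code uniqueness right below is scoped per `nid` on all four; if this file serves a multi-network deployment (SQLite, presumably), the same device code signature in two networks is rejected here and accepted elsewhere. Unless the generic dialect is single-network only, I would change the column to `device_code_signature VARCHAR(255) NOT NULL,`, give `nid UUID NULL` a trailing comma and add `PRIMARY KEY (device_code_signature, nid)` as the last table constraint so it matches the other dialects; if the single-network assumption is intended, a comment stating it above the table would save the next reader the comparison. Note also that SQLite, unlike the other engines, does not force primary-key columns NOT NULL, so `nid UUID NULL` would need to become `NOT NULL` explicitly for the composite key to be meaningful.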