Database Design
oauth_applications
Field | Purpose |
id | Primary key, in case of using RDBMs |
name | Application name |
uid | Unique ID, used as client identifier |
secret | Used together with |
redirect_uri | Redirects the resource owner to this URI (spec) |
scopes | Defines which scopes the application uses |
confidential | Indicates whether client public or private |
created_at | Creation date & time |
updated_at | Date & time of latest update |
If you set enable_application_owner configuration option then applications table also includes:
Field | Purpose |
owner_id | PK of the Resource owner record |
owner_type | Resource owner model name |
oauth_access_tokens
Field | Purpose |
id | Primary key, in case of using RDBMs |
resource_owner_id | PK of the resource owner record |
application_id | PK of the client token was issued for |
token | Token value |
refresh_token | Refresh token value (used to refresh a token) |
expires_in | TTL of the token (in seconds) |
revoked_at | Date & time when token was revoked |
created_at | Creation date & time |
scopes | Access token scopes |
previous_refresh_token | Previous refresh token value |
If you enabled use_polymorphic_resource_owner configuration option then your database must have additional columns:
Field | Purpose |
resource_owner_type | Resource owner model name |
oauth_access_grants
Field | Purpose |
id | Primary key, in case of using RDBMs |
resource_owner_id | PK of the resource owner record |
application_id | PK of the client token was issued for |
token | Token value |
expires_in | TTL of the token (in seconds) |
redirect_uri | Redirect URI |
revoked_at | Date & time when token was revoked |
created_at | Creation date & time |
scopes | Access token scopes |
In case you enabled PKCE flow, your access grants table will include:
Field | Purpose |
code_challenge | Code challenge value |
code_challenge_method | Code challenge method name |
Last updated