# Database Design ## oauth\_applications | Field | Purpose | | ----------------- | ------------------------------------------------------------------------------------------------------ | | **id** | Primary key, in case of using RDBMs | | **name** | Application name | | **uid** | Unique ID, used as [*client identifier*](https://tools.ietf.org/html/rfc6749#section-2.2) | | **secret** | Used together with `uid` for client authentication | | **redirect\_uri** | Redirects the resource owner to this URI ([spec](https://tools.ietf.org/html/rfc6749#section-3.1.2)) | | **scopes** | Defines which [scopes](https://doorkeeper.gitbook.io/guides/configuration/scopes) the application uses | | **confidential** | Indicates whether client public or private | | **created\_at** | Creation date & time | | **updated\_at** | Date & time of latest update | If you set `enable_application_owner` configuration option then applications table also includes: | Field | Purpose | | --------------- | ------------------------------- | | **owner\_id** | PK of the Resource owner record | | **owner\_type** | Resource owner model name | ## oauth\_access\_tokens | Field | Purpose | | ---------------------------- | --------------------------------------------- | | **id** | Primary key, in case of using RDBMs | | **resource\_owner\_id** | PK of the resource owner record | | **application\_id** | PK of the client token was issued for | | **token** | Token value | | **refresh\_token** | Refresh token value (used to refresh a token) | | **expires\_in** | TTL of the token (in seconds) | | **revoked\_at** | Date & time when token was revoked | | **created\_at** | Creation date & time | | **scopes** | Access token scopes | | **previous\_refresh\_token** | Previous refresh token value | If you enabled `use_polymorphic_resource_owner` configuration option then your database must have additional columns: | Field | Purpose | | ------------------------- | ------------------------- | | **resource\_owner\_type** | Resource owner model name | ## oauth\_access\_grants | Field | Purpose | | ----------------------- | ------------------------------------- | | **id** | Primary key, in case of using RDBMs | | **resource\_owner\_id** | PK of the resource owner record | | **application\_id** | PK of the client token was issued for | | **token** | Token value | | **expires\_in** | TTL of the token (in seconds) | | **redirect\_uri** | Redirect URI | | **revoked\_at** | Date & time when token was revoked | | **created\_at** | Creation date & time | | **scopes** | Access token scopes | In case you enabled PKCE flow, your access grants table will include: | Field | Purpose | | --------------------------- | -------------------------- | | **code\_challenge** | Code challenge value | | **code\_challenge\_method** | Code challenge method name |