Database Design

oauth_applications

Field	Purpose
id	Primary key, in case of using RDBMs
name	Application name
uid	Unique ID, used as client identifier
secret	Used together with uid for client authentication
redirect_uri	Redirects the resource owner to this URI (spec)
scopes	Defines which scopes the application uses
confidential	Indicates whether client public or private
created_at	Creation date & time
updated_at	Date & time of latest update

If you set enable_application_owner configuration option then applications table also includes:

Field	Purpose
owner_id	PK of the Resource owner record
owner_type	Resource owner model name

oauth_access_tokens

Field	Purpose
id	Primary key, in case of using RDBMs
resource_owner_id	PK of the resource owner record
application_id	PK of the client token was issued for
token	Token value
refresh_token	Refresh token value (used to refresh a token)
expires_in	TTL of the token (in seconds)
revoked_at	Date & time when token was revoked
created_at	Creation date & time
scopes	Access token scopes
previous_refresh_token	Previous refresh token value

If you enabled use_polymorphic_resource_owner configuration option then your database must have additional columns:

Field	Purpose
resource_owner_type	Resource owner model name

oauth_access_grants

Field	Purpose
id	Primary key, in case of using RDBMs
resource_owner_id	PK of the resource owner record
application_id	PK of the client token was issued for
token	Token value
expires_in	TTL of the token (in seconds)
redirect_uri	Redirect URI
revoked_at	Date & time when token was revoked
created_at	Creation date & time
scopes	Access token scopes

In case you enabled PKCE flow, your access grants table will include:

Field	Purpose
code_challenge	Code challenge value
code_challenge_method	Code challenge method name