[REQ][MySQL] Tables for OAuth2 security schema #3550

ybelenko · 2019-08-03T22:29:55Z

Is your feature request related to a problem? Please describe.

While thinking about OAuth2 library for PHP Slim generator in #3549 I've found OAuth database schema in source code. Here and here.

Describe the solution you'd like

It would be great to add these tables to MySQL schema generator. Database schema copied from oauth2-server-php-mysql repo described below.

Tables

oauth_access_tokens

+--------------+---------------+------+-----+---------+-------+
| Field        | Type          | Null | Key | Default | Extra |
+--------------+---------------+------+-----+---------+-------+
| access_token | varchar(40)   | NO   | PRI | NULL    |       |
| client_id    | varchar(80)   | YES  |     | NULL    |       |
| user_id      | varchar(80)   | YES  |     | NULL    |       |
| expires      | timestamp     | NO   |     | NULL    |       |
| scope        | varchar(4000) | YES  |     | NULL    |       |
+--------------+---------------+------+-----+---------+-------+

oauth_authorization_codes

+--------------------+---------------+------+-----+---------+-------+
| Field              | Type          | Null | Key | Default | Extra |
+--------------------+---------------+------+-----+---------+-------+
| authorization_code | varchar(40)   | NO   | PRI | NULL    |       |
| client_id          | varchar(80)   | YES  |     | NULL    |       |
| user_id            | varchar(80)   | YES  |     | NULL    |       |
| redirect_uri       | varchar(2000) | NO   |     | NULL    |       |
| expires            | timestamp     | NO   |     | NULL    |       |
| scope              | varchar(4000) | YES  |     | NULL    |       |
| id_token           | varchar(1000) | YES  |     | NULL    |       |
+--------------------+---------------+------+-----+---------+-------+

oauth_clients

+---------------+---------------+------+-----+---------+-------+
| Field         | Type          | Null | Key | Default | Extra |
+---------------+---------------+------+-----+---------+-------+
| client_id     | varchar(80)   | NO   | PRI | NULL    |       |
| client_secret | varchar(80)   | YES  |     | NULL    |       |
| redirect_uri  | varchar(2000) | YES  |     | NULL    |       |
| grant_types   | varchar(80)   | YES  |     | NULL    |       |
| scope         | varchar(4000) | YES  |     | NULL    |       |
| user_id       | varchar(80)   | YES  |     | NULL    |       |
+---------------+---------------+------+-----+---------+-------+

oauth_jti

+----------+---------------+------+-----+---------+-------+
| Field    | Type          | Null | Key | Default | Extra |
+----------+---------------+------+-----+---------+-------+
| issuer   | varchar(80)   | NO   |     | NULL    |       |
| subject  | varchar(80)   | YES  |     | NULL    |       |
| audience | varchar(80)   | YES  |     | NULL    |       |
| expires  | timestamp     | NO   |     | NULL    |       |
| jti      | varchar(2000) | NO   |     | NULL    |       |
+----------+---------------+------+-----+---------+-------+

oauth_jwt

+------------+---------------+------+-----+---------+-------+
| Field      | Type          | Null | Key | Default | Extra |
+------------+---------------+------+-----+---------+-------+
| client_id  | varchar(80)   | NO   |     | NULL    |       |
| subject    | varchar(80)   | YES  |     | NULL    |       |
| public_key | varchar(2000) | NO   |     | NULL    |       |
+------------+---------------+------+-----+---------+-------+

oauth_public_keys

+----------------------+---------------+------+-----+---------+-------+
| Field                | Type          | Null | Key | Default | Extra |
+----------------------+---------------+------+-----+---------+-------+
| client_id            | varchar(80)   | YES  |     | NULL    |       |
| public_key           | varchar(2000) | YES  |     | NULL    |       |
| private_key          | varchar(2000) | YES  |     | NULL    |       |
| encryption_algorithm | varchar(100)  | YES  |     | RS256   |       |
+----------------------+---------------+------+-----+---------+-------+

oauth_refresh_tokens

+---------------+------------------+------+-----+-------------------+-----------------------------+
| Field         | Type             | Null | Key | Default           | Extra                       |
+---------------+------------------+------+-----+-------------------+-----------------------------+
| refresh_token | varchar(40)      | NO   | PRI | NULL              |                             |
| client_id     | varchar(80)      | YES  |     | NULL              |                             |
| user_id       | varchar(80)      | YES  |     | NULL              |                             |
| expires       | timestamp        | NO   |     | CURRENT_TIMESTAMP | on update CURRENT_TIMESTAMP |
| scope         | varchar(4000)    | YES  |     | NULL              |                             |
+---------------+------------------+------+-----+-------------------+-----------------------------+

oauth_scopes

+------------+-------------+------+-----+---------+-------+
| Field      | Type        | Null | Key | Default | Extra |
+------------+-------------+------+-----+---------+-------+
| scope      | varchar(80) | NO   | PRI | NULL    |       |
| is_default | tinyint(1)  | YES  |     | NULL    |       |
+------------+-------------+------+-----+---------+-------+

oauth_users

+----------------+------------------+------+-----+---------+----------------+
| Field          | Type             | Null | Key | Default | Extra          |
+----------------+------------------+------+-----+---------+----------------+
| username       | varchar(80)      | YES  |     | NULL    |                |
| password       | varchar(80)      | YES  |     | NULL    |                |
| first_name     | varchar(80)      | YES  |     | NULL    |                |
| last_name      | varchar(80)      | YES  |     | NULL    |                |
| email          | varchar(2000)    | YES  |     | NULL    |                |
| email_verified | tinyint(1)       | YES  |     | NULL    |                |
| scope          | varchar(4000)    | YES  |     | NULL    |                |
+----------------+------------------+------+-----+---------+----------------+

Describe alternatives you've considered

I can't say that I'm fully satisfied with mentioned schema. My complaints are:

oauth_users.password column limited to 80 characters which can be not enough for future password encryption algorithms. In PHP docs password_hash recommended length is 255.
Schema doesn't set column collations. It's important for case-sensitive tokens(base64 e.g.). More info in submitted issue
It's not obvious that oauth_users.username is user_id mentioned in other tables. Maybe column comment can make it more clear.

If there are database architects in our community, they can significantly improve this schema.

The text was updated successfully, but these errors were encountered:

ybelenko added Feature: Authentication Schema: MySQL Generation of a MySQL Schema labels Aug 3, 2019

ybelenko added this to To do in MySQL Schema generator via automation Aug 3, 2019

ybelenko mentioned this issue Apr 2, 2020

[mysql] Add OAuth2 framework tables #5807

Merged

5 tasks

wing328 closed this as completed in #5807 Apr 21, 2020

MySQL Schema generator automation moved this from To do to Done Apr 21, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[REQ][MySQL] Tables for OAuth2 security schema #3550

[REQ][MySQL] Tables for OAuth2 security schema #3550

ybelenko commented Aug 3, 2019

[REQ][MySQL] Tables for OAuth2 security schema #3550

[REQ][MySQL] Tables for OAuth2 security schema #3550

Comments

ybelenko commented Aug 3, 2019

Is your feature request related to a problem? Please describe.

Describe the solution you'd like

Tables

oauth_access_tokens

oauth_authorization_codes

oauth_clients

oauth_jti

oauth_jwt

oauth_public_keys

oauth_refresh_tokens

oauth_scopes

oauth_users

Describe alternatives you've considered