
Issue #19299 Change OAuth schema to normalize redirectURIs so XM.Simp…

…leModel parse works.
bendiy committed Mar 15, 2013
1 parent a8aa82a commit 387ea9bc3f1f4cf282b226c4406c099219aaff6f
@@ -3,121 +3,156 @@
"context": "xtuple",
"nameSpace": "XM",
"type": "Oauth2client",
- "table": "xt.oauth2client",
- "idSequenceName": "oauth2client_oauth2client_id_seq",
+ "table": "xt.oa2client",
+ "idSequenceName": "oa2client_oa2client_id_seq",
"comment": "Defines global OAuth 2.0 server registered client storage.",
"properties": [
{
"name": "id",
"attr": {
"type": "Number",
- "column": "oauth2client_id",
+ "column": "oa2client_id",
"isPrimaryKey": true
}
},
{
"name": "clientID",
"attr": {
"type": "String",
- "column": "oauth2client_client_id"
+ "column": "oa2client_client_id"
}
},
{
"name": "clientSecret",
"attr": {
"type": "String",
- "column": "oauth2client_client_secret"
+ "column": "oa2client_client_secret"
}
},
{
"name": "clientName",
"attr": {
"type": "String",
- "column": "oauth2client_client_name"
+ "column": "oa2client_client_name"
}
},
{
"name": "clientEmail",
"attr": {
"type": "String",
- "column": "oauth2client_client_email"
+ "column": "oa2client_client_email"
}
},
{
"name": "clientWebSite",
"attr": {
"type": "String",
- "column": "oauth2client_client_web_site"
+ "column": "oa2client_client_web_site"
}
},
{
"name": "clientLogo",
"attr": {
"type": "String",
- "column": "oauth2client_client_logo"
+ "column": "oa2client_client_logo"
}
},
{
"name": "clientType",
"attr": {
"type": "String",
- "column": "oauth2client_client_type"
+ "column": "oa2client_client_type"
}
},
{
"name": "isActive",
"attr": {
"type": "Boolean",
- "column": "oauth2client_active"
+ "column": "oa2client_active"
}
},
{
"name": "issued",
"attr": {
"type": "Date",
- "column": "oauth2client_issued"
+ "column": "oa2client_issued"
}
},
{
"name": "authURI",
"attr": {
"type": "String",
- "column": "oauth2client_auth_uri"
+ "column": "oa2client_auth_uri"
}
},
{
"name": "tokenURI",
"attr": {
"type": "String",
- "column": "oauth2client_token_uri"
+ "column": "oa2client_token_uri"
}
},
{
"name": "redirectURIs",
- "attr": {
- "type": "String",
- "column": "oauth2client_redirect_uris"
+ "toMany": {
+ "isNested": true,
+ "type": "Oauth2clientRedirs",
+ "column": "oa2client_id",
+ "inverse": "clientID"
}
},
{
"name": "delegatedAccess",
"attr": {
"type": "String",
- "column": "oauth2client_delegated_access"
+ "column": "oa2client_delegated_access"
}
},
{
"name": "clientX509CertURL",
"attr": {
"type": "String",
- "column": "oauth2client_client_x509_cert_url"
+ "column": "oa2client_client_x509_cert_url"
}
},
{
"name": "authProviderX509CertURL",
"attr": {
"type": "String",
- "column": "oauth2client_auth_provider_x509_cert_url"
+ "column": "oa2client_auth_provider_x509_cert_url"
+ }
+ }
+ ],
+ "isSystem": true
+ },
+ {
+ "context": "xtuple",
+ "nameSpace": "XM",
+ "type": "Oauth2clientRedirs",
+ "table": "xt.oa2clientredirs",
+ "idSequenceName": "oa2clientredirs_oa2clientredirs_id_seq",
+ "comment": "Maps redirect URIs to OAuth 2.0 clients.",
+ "properties": [
+ {
+ "name": "id",
+ "attr": {
+ "type": "Number",
+ "column": "oa2clientredirs_id",
+ "isPrimaryKey": true
+ }
+ },
+ {
+ "name": "clientID",
+ "attr": {
+ "type": "Number",
+ "column": "oa2clientredirs_oa2client_id"
+ }
+ },
+ {
+ "name": "redirectURI",
+ "attr": {
+ "type": "String",
+ "column": "oa2clientredirs_redirect_uri"
}
}
],
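Review bot: The new `Oauth2clientRedirs` type reuses the property name `clientID` for a `Number` foreign key (`oa2clientredirs_oa2client_id`), while `clientID` on `Oauth2client` and `Oauth2token` is the `String` OAuth client identifier. Redirect-URI checks are keyed on the client, so two different meanings for one name make it easy for calling code to compare or look up the wrong value. Consider naming the child property after what it holds, for example `"name": "oauth2client"` with `"inverse": "oauth2client"` in the `redirectURIs` `toMany` block. The closing lines of the new type's definition fall outside this hunk.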
@@ -127,142 +162,142 @@
"context": "xtuple",
"nameSpace": "XM",
"type": "Oauth2token",
- "table": "xt.oauth2token",
- "idSequenceName": "oauth2token_oauth2token_id_seq",
+ "table": "xt.oa2token",
+ "idSequenceName": "oa2token_oa2token_id_seq",
"comment": "Defines global OAuth 2.0 server token storage.",
"properties": [
{
"name": "id",
"attr": {
"type": "Number",
- "column": "oauth2token_id",
+ "column": "oa2token_id",
"isPrimaryKey": true
}
},
{
"name": "user",
"attr": {
"type": "String",
- "column": "oauth2token_usr_id"
+ "column": "oa2token_usr_id"
}
},
{
"name": "clientID",
"attr": {
"type": "String",
- "column": "oauth2token_client_id"
+ "column": "oa2token_client_id"
}
},
{
"name": "redirectURI",
"attr": {
"type": "String",
- "column": "oauth2token_redirect_uri"
+ "column": "oa2token_redirect_uri"
}
},
{
"name": "scope",
"attr": {
"type": "String",
- "column": "oauth2token_scope"
+ "column": "oa2token_scope"
}
},
{
"name": "state",
"attr": {
"type": "String",
- "column": "oauth2token_state"
+ "column": "oa2token_state"
}
},
{
"name": "approvalPrompt",
"attr": {
"type": "Boolean",
- "column": "oauth2token_approval_prompt"
+ "column": "oa2token_approval_prompt"
}
},
{
"name": "authCode",
"attr": {
"type": "String",
- "column": "oauth2token_auth_code"
+ "column": "oa2token_auth_code"
}
},
{
"name": "authCodeIssued",
"attr": {
"type": "Date",
- "column": "oauth2token_auth_code_issued"
+ "column": "oa2token_auth_code_issued"
}
},
{
"name": "authCodeExpires",
"attr": {
"type": "Date",
- "column": "oauth2token_auth_code_expires"
+ "column": "oa2token_auth_code_expires"
}
},
{
"name": "refreshToken",
"attr": {
"type": "String",
- "column": "oauth2token_refresh_token"
+ "column": "oa2token_refresh_token"
}
},
{
"name": "refreshIssued",
"attr": {
"type": "Date",
- "column": "oauth2token_refresh_issued"
+ "column": "oa2token_refresh_issued"
}
},
{
"name": "refreshExpires",
"attr": {
"type": "Date",
- "column": "oauth2token_refresh_expires"
+ "column": "oa2token_refresh_expires"
}
},
{
"name": "accessToken",
"attr": {
"type": "String",
- "column": "oauth2token_access_token"
+ "column": "oa2token_access_token"
}
},
{
"name": "accessIssued",
"attr": {
"type": "Date",
- "column": "oauth2token_access_issued"
+ "column": "oa2token_access_issued"
}
},
{
"name": "accessExpires",
"attr": {
"type": "Date",
- "column": "oauth2token_access_expires"
+ "column": "oa2token_access_expires"
}
},
{
"name": "tokenType",
"attr": {
"type": "String",
- "column": "oauth2token_token_type"
+ "column": "oa2token_token_type"
}
},
{
"name": "accessType",
"attr": {
"type": "String",
- "column": "oauth2token_access_type"
+ "column": "oa2token_access_type"
}
},
{
"name": "delegate",
"attr": {
"type": "String",
- "column": "oauth2token_delegate"
+ "column": "oa2token_delegate"
}
}
],
@@ -14,8 +14,9 @@
\i xt/tables/datasource.sql
\i xt/tables/dbserver.sql
\i xt/tables/ext.sql
-\i xt/tables/oauth2client.sql
-\i xt/tables/oauth2token.sql
+\i xt/tables/oa2client.sql
+\i xt/tables/oa2clientredirs.sql
+\i xt/tables/oa2token.sql
\i xt/tables/org.sql
\i xt/tables/orgext.sql
\i xt/tables/session.sql
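Review bot: Nothing visible in this commit migrates or drops the old `xt.oauth2client` and `xt.oauth2token` tables, although the manifest no longer loads `oauth2client.sql` and `oauth2token.sql`. On a database that was already installed, the old tables would presumably stay in place with their registered client secrets, auth codes and refresh/access tokens, and no existing client would be registered in the new tables. If no other file handles this, add a migration step that copies the rows across, splitting `oauth2client_redirect_uris` into `xt.oa2clientredirs`, and then runs `drop table if exists xt.oauth2token;` and `drop table if exists xt.oauth2client;`.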
@@ -0,0 +1,20 @@
+-- table definition
+
+select xt.create_table('oa2client');
+select xt.add_column('oa2client','oa2client_id', 'serial', 'primary key', 'xt', 'oa2client table primary key.');
+select xt.add_column('oa2client','oa2client_client_id', 'text', 'not null unique', 'xt', 'Generated client_id obtained during application registration.');
+select xt.add_column('oa2client','oa2client_client_secret', 'text', 'unique', 'xt', 'The client secret obtained during application registration.');
+select xt.add_column('oa2client','oa2client_client_name', 'text', '', 'xt', 'Name of the client or application.');
+select xt.add_column('oa2client','oa2client_client_email', 'text', '', 'xt', 'Email address of the client.');
+select xt.add_column('oa2client','oa2client_client_web_site', 'text', '', 'xt', 'Web site of the client.');
+select xt.add_column('oa2client','oa2client_client_logo', 'text', '', 'xt', 'URL to client logo image file displayed during auth grant.');
+select xt.add_column('oa2client','oa2client_client_type', 'text', '', 'xt', 'The OAuth 2.0 client type: "web_server", "installed_app", "service_account"');
+select xt.add_column('oa2client','oa2client_active', 'boolean', '', 'xt', 'Flag to make a client active or not.');
+select xt.add_column('oa2client','oa2client_issued', 'timestamp', '', 'xt', 'The datetime that the client was registered');
+select xt.add_column('oa2client','oa2client_auth_uri', 'text', '', 'xt', 'The Authorization Endpoint URI.');
+select xt.add_column('oa2client','oa2client_token_uri', 'text', '', 'xt', 'The Token Endpoint URI.');
+select xt.add_column('oa2client','oa2client_delegated_access', 'boolean', '', 'xt', 'Flag to allow "service_account" client to use delegated access as another user.');
+select xt.add_column('oa2client','oa2client_client_x509_cert_url', '', 'text', 'xt', 'The URL of the public x509 certificate, used to verify JWTs signed by the client.');
+select xt.add_column('oa2client','oa2client_auth_provider_x509_cert_url', 'text', '', 'xt', 'The URL of the public x509 certificate, used to verify the signature on JWTs, such as ID tokens, signed by the authentication provider.');
+
+comment on table xt.oa2client is 'Defines global OAuth 2.0 server registered client storage.';
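Review bot: The `oa2client_client_x509_cert_url` call passes its type and constraint arguments in swapped positions. Every other `xt.add_column` call in this file gives the column type third and the constraint fourth, but this one passes `''` as the type and `'text'` as the constraint, so the column is likely to be created incorrectly or not at all. It should read `select xt.add_column('oa2client','oa2client_client_x509_cert_url', 'text', '', 'xt', '…');` with the existing comment text kept. Separately, `oa2client_client_secret` is a plain `text` column; the registration code is not visible here, so confirm that it stores a hash rather than the secret verbatim, since otherwise any role that can read `xt.oa2client` can authenticate as the client.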
@@ -0,0 +1,9 @@
+-- table definition
+
+select xt.create_table('oa2clientredirs');
+select xt.add_column('oa2clientredirs','oa2clientredirs_id', 'serial', 'primary key', 'xt', 'oa2clientredirs table primary key.');
+select xt.add_column('oa2clientredirs','oa2clientredirs_oa2client_id', 'integer', 'references xt.oa2client (oa2client_id)', 'xt', 'oa2client_id this redirect URI maps to.');
+select xt.add_column('oa2clientredirs','oa2clientredirs_redirect_uri', 'text', '', 'xt', 'The redirect URI');
+select xt.add_constraint('oa2clientredirs','oa2clientredirs_oa2client_id_redirect_uri', 'unique (oa2clientredirs_oa2client_id, oa2clientredirs_redirect_uri)');
+
+comment on table xt.oa2clientredirs is 'Maps redirect URIs to OAuth 2.0 clients.';
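Review bot: Both `oa2clientredirs_oa2client_id` and `oa2clientredirs_redirect_uri` are nullable, and the `unique (…)` constraint does not reject rows where either one is NULL. This table is the allow-list that redirect URIs are matched against, so a row with no client or no URI is never meaningful and should be impossible to insert. Assuming `xt.add_column` passes the constraint string through as written, as the `'not null unique'` usage in oa2client.sql suggests, use `'integer', 'not null references xt.oa2client (oa2client_id)'` and `'text', 'not null'`. Also decide the delete behaviour explicitly, for example `on delete cascade`, so that removing a client cannot leave its redirect URIs behind or be blocked by them.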