28 lines
1.1 KiB
MySQL
28 lines
1.1 KiB
MySQL
|
CREATE TYPE "Audience" AS ENUM (
|
||
|
|
'web',
|
||
|
|
'mobile',
|
||
|
|
'feed',
|
||
|
|
'admin_panel'
|
||
|
|
);
|
||
|
|
|
||
|
|
CREATE TABLE tokens (
|
||
|
|
id serial not null primary key,
|
||
|
|
customer_id uuid not null,
|
||
|
|
role "Role" not null,
|
||
|
|
-- standard fields
|
||
|
|
-- iss (issuer): Issuer of the JWT
|
||
|
|
issuer varchar not null default 'bazzar',
|
||
|
|
-- sub (subject): Subject of the JWT (the user)
|
||
|
|
subject int not null /* account_id */ ,
|
||
|
|
-- aud (audience): Recipient for which the JWT is intended
|
||
|
|
audience "Audience" not null default 'web',
|
||
|
|
-- exp (expiration time): Time after which the JWT expires
|
||
|
|
expiration_time timestamp not null default now() + interval '2 weeks',
|
||
|
|
-- nbt (not before time): Time before which the JWT must not be accepted for processing
|
||
|
|
not_before_time timestamp not null default now() - interval '1 minute',
|
||
|
|
-- iat (issued at time): Time at which the JWT was issued; can be used to determine age of the JWT,
|
||
|
|
issued_at_time timestamp not null default now(),
|
||
|
|
-- jti (JWT ID): Unique identifier; can be used to prevent the JWT from being replayed (allows a token to be used only once)
|
||
|
|
jwt_id uuid not null default gen_random_uuid()
|
||
|
|
);
|