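-- Values accepted for the JWT "aud" (audience) claim stored in tokens.audience.
CREATE TYPE "Audience" AS ENUM (
    'web',
    'mobile',
    'feed',
    'admin_panel'
);

-- Stores the registered claims of a JWT (iss, sub, aud, exp, nbf, iat, jti)
-- together with the customer and role the token belongs to.
-- The "Role" type is not defined in this snippet; it must already exist
-- when this statement runs.
CREATE TABLE tokens (
    id serial not null primary key,
    customer_id uuid not null,
    role "Role" not null,

    -- standard fields

    -- iss (issuer): Issuer of the JWT
    issuer varchar not null default 'bazzar',

    -- sub (subject): Subject of the JWT (the user)
    subject int not null /* account_id */,

    -- aud (audience): Recipient for which the JWT is intended
    audience "Audience" not null default 'web',

    -- NOTE(review): the three time columns are "timestamp" (without time
    -- zone), so now() is stored as local time in the inserting session's
    -- TimeZone setting. Expiry and not-before checks are only correct if
    -- every session writing or comparing these values uses the same zone;
    -- consider timestamptz.

    -- exp (expiration time): Time after which the JWT expires
    expiration_time timestamp not null default now() + interval '2 weeks',

    -- nbf (not before): Time before which the JWT must not be accepted for processing
    not_before_time timestamp not null default now() - interval '1 minute',

    -- iat (issued at time): Time at which the JWT was issued; can be used to determine age of the JWT
    issued_at_time timestamp not null default now(),

    -- jti (JWT ID): Unique identifier; can be used to prevent the JWT from being replayed
    -- (allows a token to be used only once)
    jwt_id uuid not null default gen_random_uuid(),

    -- Enforce the uniqueness the jti comment relies on: without it, two rows
    -- could share a jwt_id and a replay check by jti would be ambiguous.
    -- The unique index also serves lookups by jwt_id.
    constraint tokens_jwt_id_key unique (jwt_id)
);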