Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

oAuth 2.0 Database structure

Tags:

database

oauth

I am looking to implement oAuth in my current application. What is a good database structure to store information required, such as token etc-era. Are there any standards?

like image 427
John Avatar asked Jan 25 '13 16:01

John

People also ask

How does OAuth 2.0 authentication work?

How Does OAuth 2.0 Work? At the most basic level, before OAuth 2.0 can be used, the Client must acquire its own credentials, a client id and client secret, from the Authorization Server in order to identify and authenticate itself when requesting an Access Token.

What is OAuth2 framework?

The OAuth 2.0 authorization framework is a protocol that allows a user to grant a third-party web site or application access to the user's protected resources, without necessarily revealing their long-term credentials or even their identity.

How does OAuth2 2.0 work in REST API?

In OAuth 2.0, the following three parties are involved: The user, who possesses data that is accessed through the API and wants to allow the application to access it. The application, which is to access the data through the API on the user's behalf. The API, which controls and enables access to the user's data.

What things does the OAuth 2.0 framework specify?

OAuth 2.0 is an authorization framework for delegated access to APIs. It involves clients that request scopes that Resource Owners authorize/give consent to. Authorization grants are exchanged for access tokens and refresh tokens (depending on flow).

2 Answers

I was considering the same thing. In general, I'm doing:

user_oauth_info
-------------------------------
id (int auto-inc)
user_id (int)
oauth_provider (varchar 20)
acccess_token (varchar 40)
refresh_token  (varchar 40)   
expiry_date (datetime)

A refresh_token is provided by SalesForce; does not expired and is used to get refreshed access_tokens. They only give you one if your callback URL is a mobile device, though, which is irritating.

like image 80
Anthony Avatar answered Oct 09 '22 22:10

Anthony

You could start with what VS2012 suggests for their MVC framework:

webpages_OAuthMembership

Provider nvarchar(30) (clustered primary key)
ProviderUserId nvarchar(100) (clustered primary key)
UserId int

webpages_Membership

UserId int (Primary Key)
CreateDate datetime
ConfirmationToken nvarchar(128)
IsConfirmed bit
LastPasswordFailureDate datetime
PasswordFailuresSinceLastSuccess int
Password nvarchar(128)
PasswordChangedDate datetime
PasswordSalt nvarchar(128)
PasswordVerificationToken nvarchar(128)
PasswordVerificationTokenExpirationDate datetime

Then define your own Users table, something like:

UserID int (Primary Key)
UserName nvarchar(80)
Name nvarchar(80)
Surname nvarchar(80)

I don't really have a reason for doing it this way, but I guess that the Microsoft people that came up with this schema know way more about this than I do, so I think it's great place to start.

like image 27
17xande Avatar answered Oct 09 '22 21:10

17xande
Sign in to Comment

Related questions

How can I enable WCF logging so that it writes to a Database?
Android Full Text Search
Application Design - Database Tables and Interfaces
Exporting/Importing a hierarchical graph from a database
Get the latest inserted id in a trigger?
Preferred way to add surrogate key to existing Oracle DB table
Producer/consumer system using database (MySql), is this feasible?
How to get current date and time from DB using SQLAlchemy
Embedded C data storage module design
Should I Learn C# or Java? [closed]
How does HBase guarantee row level atomicity?
SQLAlchemy losing timezone information with SQLite
How can I backup a MySQL database on AWS?
Need suggestion about MMORPG data model design, database access and stackless python [closed]
MongoDB historical data storage - best practice?
Can redis pipeline multiple commands that depend on previous ones?
In a database, is it better to store a time period as a start/end date, or a start date and a length of time?
mysql partial indexing, reverse indexing
Best Database for remote sensor data logging
C# - Should I use static database connection

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!