I am looking to implement OAuth in my current application. What is a good database structure to store the required information, such as tokens, etc.? Are there any standards?
How Does OAuth 2.0 Work?
At the most basic level, before OAuth 2.0 can be used, the Client must acquire its own credentials, a client id and client secret, from the Authorization Server in order to identify and authenticate itself when requesting an Access Token.
The OAuth 2.0 authorization framework is a protocol that allows a user to grant a third-party web site or application access to the user's protected resources, without necessarily revealing their long-term credentials or even their identity.
In OAuth 2.0, the following three parties are involved: The user, who possesses data that is accessed through the API and wants to allow the application to access it. The application, which is to access the data through the API on the user's behalf. The API, which controls and enables access to the user's data.
OAuth 2.0 is an authorization framework for delegated access to APIs. It involves clients that request scopes that Resource Owners authorize/give consent to. Authorization grants are exchanged for access tokens and refresh tokens (depending on flow).
I was considering the same thing. In general, I'm doing:
user_oauth_info
-------------------------------
id (int auto-inc)
user_id (int)
oauth_provider (varchar 20)
access_token (varchar 40)
refresh_token (varchar 40)
expiry_date (datetime)
A refresh_token is provided by Salesforce; it does not expire and is used to get refreshed access_tokens. They only give you one if your callback URL is a mobile device, though, which is irritating.
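An added example, not part of the original answer: the user_oauth_info table above sketched with Python's sqlite3, including token rotation and an expiry check. The TEXT token columns (token length is provider-defined), the UNIQUE constraint, the epoch-seconds expiry and all function names are assumptions made for this sketch.

```python
import sqlite3
import time

SCHEMA = """
CREATE TABLE user_oauth_info (
    id             INTEGER PRIMARY KEY AUTOINCREMENT,
    user_id        INTEGER NOT NULL,
    oauth_provider TEXT    NOT NULL,
    access_token   TEXT    NOT NULL,  -- opaque string; no fixed length assumed
    refresh_token  TEXT,              -- NULL when the provider issues none
    expiry_date    INTEGER NOT NULL,  -- UTC epoch seconds
    UNIQUE (user_id, oauth_provider)  -- one token set per user per provider
);
"""

UPSERT = """
INSERT INTO user_oauth_info
    (user_id, oauth_provider, access_token, refresh_token, expiry_date)
VALUES (?, ?, ?, ?, ?)
ON CONFLICT (user_id, oauth_provider) DO UPDATE SET
    access_token  = excluded.access_token,
    refresh_token = COALESCE(excluded.refresh_token, refresh_token),
    expiry_date   = excluded.expiry_date;
"""

def open_store():
    """Create an in-memory database holding the token table."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def save_tokens(db, user_id, provider, access_token, expires_in,
                refresh_token=None, now=None):
    """Insert or rotate tokens; keep the stored refresh token if none is sent."""
    now = int(time.time()) if now is None else now
    with db:  # commit on success, roll back on error
        db.execute(UPSERT, (user_id, provider, access_token,
                            refresh_token, now + expires_in))

def get_valid_access_token(db, user_id, provider, now=None, skew=30):
    """Return the access token, or None if missing or within `skew` s of expiry."""
    now = int(time.time()) if now is None else now
    row = db.execute(
        "SELECT access_token, expiry_date FROM user_oauth_info "
        "WHERE user_id = ? AND oauth_provider = ?", (user_id, provider)).fetchone()
    if row is None or row[1] - skew <= now:
        return None  # caller should refresh or re-authorize
    return row[0]
```

Both token columns hold bearer credentials, so the table deserves the same access restrictions and at-rest protection as a password store.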
You could start with what VS2012 suggests for their MVC framework:

webpages_OAuthMembership
Provider nvarchar(30) (clustered primary key)
ProviderUserId nvarchar(100) (clustered primary key)
UserId int

webpages_Membership
UserId int (Primary Key)
CreateDate datetime
ConfirmationToken nvarchar(128)
IsConfirmed bit
LastPasswordFailureDate datetime
PasswordFailuresSinceLastSuccess int
Password nvarchar(128)
PasswordChangedDate datetime
PasswordSalt nvarchar(128)
PasswordVerificationToken nvarchar(128)
PasswordVerificationTokenExpirationDate datetime

Then define your own Users table, something like:

UserID int (Primary Key)
UserName nvarchar(80)
Name nvarchar(80)
Surname nvarchar(80)

I don't really have a reason for doing it this way, but I guess that the Microsoft people that came up with this schema know way more about this than I do, so I think it's a great place to start.