-- ============================================================================= -- AgenciaPsi — Tables — auth schema (Supabase GoTrue) -- ============================================================================= -- auth.users, auth.identities, auth.sessions, auth.refresh_tokens, -- auth.mfa_*, auth.saml_*, auth.sso_*, auth.flow_state, etc. -- ============================================================================= CREATE TABLE auth.audit_log_entries ( instance_id uuid, id uuid NOT NULL, payload json, created_at timestamp with time zone, ip_address character varying(64) DEFAULT ''::character varying NOT NULL ); ALTER TABLE auth.audit_log_entries OWNER TO supabase_auth_admin; -- -- Name: TABLE audit_log_entries; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin -- COMMENT ON TABLE auth.audit_log_entries IS 'Auth: Audit trail for user actions.'; -- -- Name: flow_state; Type: TABLE; Schema: auth; Owner: supabase_auth_admin -- CREATE TABLE auth.flow_state ( id uuid NOT NULL, user_id uuid, auth_code text, code_challenge_method auth.code_challenge_method, code_challenge text, provider_type text NOT NULL, provider_access_token text, provider_refresh_token text, created_at timestamp with time zone, updated_at timestamp with time zone, authentication_method text NOT NULL, auth_code_issued_at timestamp with time zone, invite_token text, referrer text, oauth_client_state_id uuid, linking_target_id uuid, email_optional boolean DEFAULT false NOT NULL ); ALTER TABLE auth.flow_state OWNER TO supabase_auth_admin; -- -- Name: TABLE flow_state; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin -- COMMENT ON TABLE auth.flow_state IS 'Stores metadata for all OAuth/SSO login flows'; -- -- Name: identities; Type: TABLE; Schema: auth; Owner: supabase_auth_admin -- CREATE TABLE auth.identities ( provider_id text NOT NULL, user_id uuid NOT NULL, identity_data jsonb NOT NULL, provider text NOT NULL, last_sign_in_at timestamp with time zone, created_at timestamp with time zone, updated_at timestamp with time zone, email text GENERATED ALWAYS AS (lower((identity_data ->> 'email'::text))) STORED, id uuid DEFAULT gen_random_uuid() NOT NULL ); ALTER TABLE auth.identities OWNER TO supabase_auth_admin; -- -- Name: TABLE identities; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin -- COMMENT ON TABLE auth.identities IS 'Auth: Stores identities associated to a user.'; -- -- Name: COLUMN identities.email; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin -- COMMENT ON COLUMN auth.identities.email IS 'Auth: Email is a generated column that references the optional email property in the identity_data'; -- -- Name: instances; Type: TABLE; Schema: auth; Owner: supabase_auth_admin -- CREATE TABLE auth.instances ( id uuid NOT NULL, uuid uuid, raw_base_config text, created_at timestamp with time zone, updated_at timestamp with time zone ); ALTER TABLE auth.instances OWNER TO supabase_auth_admin; -- -- Name: TABLE instances; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin -- COMMENT ON TABLE auth.instances IS 'Auth: Manages users across multiple sites.'; -- -- Name: mfa_amr_claims; Type: TABLE; Schema: auth; Owner: supabase_auth_admin -- CREATE TABLE auth.mfa_amr_claims ( session_id uuid NOT NULL, created_at timestamp with time zone NOT NULL, updated_at timestamp with time zone NOT NULL, authentication_method text NOT NULL, id uuid NOT NULL ); ALTER TABLE auth.mfa_amr_claims OWNER TO supabase_auth_admin; -- -- Name: TABLE mfa_amr_claims; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin -- COMMENT ON TABLE auth.mfa_amr_claims IS 'auth: stores authenticator method reference claims for multi factor authentication'; -- -- Name: mfa_challenges; Type: TABLE; Schema: auth; Owner: supabase_auth_admin -- CREATE TABLE auth.mfa_challenges ( id uuid NOT NULL, factor_id uuid NOT NULL, created_at timestamp with time zone NOT NULL, verified_at timestamp with time zone, ip_address inet NOT NULL, otp_code text, web_authn_session_data jsonb ); ALTER TABLE auth.mfa_challenges OWNER TO supabase_auth_admin; -- -- Name: TABLE mfa_challenges; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin -- COMMENT ON TABLE auth.mfa_challenges IS 'auth: stores metadata about challenge requests made'; -- -- Name: mfa_factors; Type: TABLE; Schema: auth; Owner: supabase_auth_admin -- CREATE TABLE auth.mfa_factors ( id uuid NOT NULL, user_id uuid NOT NULL, friendly_name text, factor_type auth.factor_type NOT NULL, status auth.factor_status NOT NULL, created_at timestamp with time zone NOT NULL, updated_at timestamp with time zone NOT NULL, secret text, phone text, last_challenged_at timestamp with time zone, web_authn_credential jsonb, web_authn_aaguid uuid, last_webauthn_challenge_data jsonb ); ALTER TABLE auth.mfa_factors OWNER TO supabase_auth_admin; -- -- Name: TABLE mfa_factors; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin -- COMMENT ON TABLE auth.mfa_factors IS 'auth: stores metadata about factors'; -- -- Name: COLUMN mfa_factors.last_webauthn_challenge_data; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin -- COMMENT ON COLUMN auth.mfa_factors.last_webauthn_challenge_data IS 'Stores the latest WebAuthn challenge data including attestation/assertion for customer verification'; -- -- Name: oauth_authorizations; Type: TABLE; Schema: auth; Owner: supabase_auth_admin -- CREATE TABLE auth.oauth_authorizations ( id uuid NOT NULL, authorization_id text NOT NULL, client_id uuid NOT NULL, user_id uuid, redirect_uri text NOT NULL, scope text NOT NULL, state text, resource text, code_challenge text, code_challenge_method auth.code_challenge_method, response_type auth.oauth_response_type DEFAULT 'code'::auth.oauth_response_type NOT NULL, status auth.oauth_authorization_status DEFAULT 'pending'::auth.oauth_authorization_status NOT NULL, authorization_code text, created_at timestamp with time zone DEFAULT now() NOT NULL, expires_at timestamp with time zone DEFAULT (now() + '00:03:00'::interval) NOT NULL, approved_at timestamp with time zone, nonce text, CONSTRAINT oauth_authorizations_authorization_code_length CHECK ((char_length(authorization_code) <= 255)), CONSTRAINT oauth_authorizations_code_challenge_length CHECK ((char_length(code_challenge) <= 128)), CONSTRAINT oauth_authorizations_expires_at_future CHECK ((expires_at > created_at)), CONSTRAINT oauth_authorizations_nonce_length CHECK ((char_length(nonce) <= 255)), CONSTRAINT oauth_authorizations_redirect_uri_length CHECK ((char_length(redirect_uri) <= 2048)), CONSTRAINT oauth_authorizations_resource_length CHECK ((char_length(resource) <= 2048)), CONSTRAINT oauth_authorizations_scope_length CHECK ((char_length(scope) <= 4096)), CONSTRAINT oauth_authorizations_state_length CHECK ((char_length(state) <= 4096)) ); ALTER TABLE auth.oauth_authorizations OWNER TO supabase_auth_admin; -- -- Name: oauth_client_states; Type: TABLE; Schema: auth; Owner: supabase_auth_admin -- CREATE TABLE auth.oauth_client_states ( id uuid NOT NULL, provider_type text NOT NULL, code_verifier text, created_at timestamp with time zone NOT NULL ); ALTER TABLE auth.oauth_client_states OWNER TO supabase_auth_admin; -- -- Name: TABLE oauth_client_states; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin -- COMMENT ON TABLE auth.oauth_client_states IS 'Stores OAuth states for third-party provider authentication flows where Supabase acts as the OAuth client.'; -- -- Name: oauth_clients; Type: TABLE; Schema: auth; Owner: supabase_auth_admin -- CREATE TABLE auth.oauth_clients ( id uuid NOT NULL, client_secret_hash text, registration_type auth.oauth_registration_type NOT NULL, redirect_uris text NOT NULL, grant_types text NOT NULL, client_name text, client_uri text, logo_uri text, created_at timestamp with time zone DEFAULT now() NOT NULL, updated_at timestamp with time zone DEFAULT now() NOT NULL, deleted_at timestamp with time zone, client_type auth.oauth_client_type DEFAULT 'confidential'::auth.oauth_client_type NOT NULL, token_endpoint_auth_method text NOT NULL, CONSTRAINT oauth_clients_client_name_length CHECK ((char_length(client_name) <= 1024)), CONSTRAINT oauth_clients_client_uri_length CHECK ((char_length(client_uri) <= 2048)), CONSTRAINT oauth_clients_logo_uri_length CHECK ((char_length(logo_uri) <= 2048)), CONSTRAINT oauth_clients_token_endpoint_auth_method_check CHECK ((token_endpoint_auth_method = ANY (ARRAY['client_secret_basic'::text, 'client_secret_post'::text, 'none'::text]))) ); ALTER TABLE auth.oauth_clients OWNER TO supabase_auth_admin; -- -- Name: oauth_consents; Type: TABLE; Schema: auth; Owner: supabase_auth_admin -- CREATE TABLE auth.oauth_consents ( id uuid NOT NULL, user_id uuid NOT NULL, client_id uuid NOT NULL, scopes text NOT NULL, granted_at timestamp with time zone DEFAULT now() NOT NULL, revoked_at timestamp with time zone, CONSTRAINT oauth_consents_revoked_after_granted CHECK (((revoked_at IS NULL) OR (revoked_at >= granted_at))), CONSTRAINT oauth_consents_scopes_length CHECK ((char_length(scopes) <= 2048)), CONSTRAINT oauth_consents_scopes_not_empty CHECK ((char_length(TRIM(BOTH FROM scopes)) > 0)) ); ALTER TABLE auth.oauth_consents OWNER TO supabase_auth_admin; -- -- Name: one_time_tokens; Type: TABLE; Schema: auth; Owner: supabase_auth_admin -- CREATE TABLE auth.one_time_tokens ( id uuid NOT NULL, user_id uuid NOT NULL, token_type auth.one_time_token_type NOT NULL, token_hash text NOT NULL, relates_to text NOT NULL, created_at timestamp without time zone DEFAULT now() NOT NULL, updated_at timestamp without time zone DEFAULT now() NOT NULL, CONSTRAINT one_time_tokens_token_hash_check CHECK ((char_length(token_hash) > 0)) ); ALTER TABLE auth.one_time_tokens OWNER TO supabase_auth_admin; -- -- Name: refresh_tokens; Type: TABLE; Schema: auth; Owner: supabase_auth_admin -- CREATE TABLE auth.refresh_tokens ( instance_id uuid, id bigint NOT NULL, token character varying(255), user_id character varying(255), revoked boolean, created_at timestamp with time zone, updated_at timestamp with time zone, parent character varying(255), session_id uuid ); ALTER TABLE auth.refresh_tokens OWNER TO supabase_auth_admin; -- -- Name: TABLE refresh_tokens; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin -- COMMENT ON TABLE auth.refresh_tokens IS 'Auth: Store of tokens used to refresh JWT tokens once they expire.'; -- -- Name: refresh_tokens_id_seq; Type: SEQUENCE; Schema: auth; Owner: supabase_auth_admin -- CREATE SEQUENCE auth.refresh_tokens_id_seq START WITH 1 INCREMENT BY 1 NO MINVALUE NO MAXVALUE CACHE 1; ALTER SEQUENCE auth.refresh_tokens_id_seq OWNER TO supabase_auth_admin; -- -- Name: refresh_tokens_id_seq; Type: SEQUENCE OWNED BY; Schema: auth; Owner: supabase_auth_admin -- ALTER SEQUENCE auth.refresh_tokens_id_seq OWNED BY auth.refresh_tokens.id; -- -- Name: saml_providers; Type: TABLE; Schema: auth; Owner: supabase_auth_admin -- CREATE TABLE auth.saml_providers ( id uuid NOT NULL, sso_provider_id uuid NOT NULL, entity_id text NOT NULL, metadata_xml text NOT NULL, metadata_url text, attribute_mapping jsonb, created_at timestamp with time zone, updated_at timestamp with time zone, name_id_format text, CONSTRAINT "entity_id not empty" CHECK ((char_length(entity_id) > 0)), CONSTRAINT "metadata_url not empty" CHECK (((metadata_url = NULL::text) OR (char_length(metadata_url) > 0))), CONSTRAINT "metadata_xml not empty" CHECK ((char_length(metadata_xml) > 0)) ); ALTER TABLE auth.saml_providers OWNER TO supabase_auth_admin; -- -- Name: TABLE saml_providers; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin -- COMMENT ON TABLE auth.saml_providers IS 'Auth: Manages SAML Identity Provider connections.'; -- -- Name: saml_relay_states; Type: TABLE; Schema: auth; Owner: supabase_auth_admin -- CREATE TABLE auth.saml_relay_states ( id uuid NOT NULL, sso_provider_id uuid NOT NULL, request_id text NOT NULL, for_email text, redirect_to text, created_at timestamp with time zone, updated_at timestamp with time zone, flow_state_id uuid, CONSTRAINT "request_id not empty" CHECK ((char_length(request_id) > 0)) ); ALTER TABLE auth.saml_relay_states OWNER TO supabase_auth_admin; -- -- Name: TABLE saml_relay_states; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin -- COMMENT ON TABLE auth.saml_relay_states IS 'Auth: Contains SAML Relay State information for each Service Provider initiated login.'; -- -- Name: schema_migrations; Type: TABLE; Schema: auth; Owner: supabase_auth_admin -- CREATE TABLE auth.schema_migrations ( version character varying(255) NOT NULL ); ALTER TABLE auth.schema_migrations OWNER TO supabase_auth_admin; -- -- Name: TABLE schema_migrations; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin -- COMMENT ON TABLE auth.schema_migrations IS 'Auth: Manages updates to the auth system.'; -- -- Name: sessions; Type: TABLE; Schema: auth; Owner: supabase_auth_admin -- CREATE TABLE auth.sessions ( id uuid NOT NULL, user_id uuid NOT NULL, created_at timestamp with time zone, updated_at timestamp with time zone, factor_id uuid, aal auth.aal_level, not_after timestamp with time zone, refreshed_at timestamp without time zone, user_agent text, ip inet, tag text, oauth_client_id uuid, refresh_token_hmac_key text, refresh_token_counter bigint, scopes text, CONSTRAINT sessions_scopes_length CHECK ((char_length(scopes) <= 4096)) ); ALTER TABLE auth.sessions OWNER TO supabase_auth_admin; -- -- Name: TABLE sessions; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin -- COMMENT ON TABLE auth.sessions IS 'Auth: Stores session data associated to a user.'; -- -- Name: COLUMN sessions.not_after; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin -- COMMENT ON COLUMN auth.sessions.not_after IS 'Auth: Not after is a nullable column that contains a timestamp after which the session should be regarded as expired.'; -- -- Name: COLUMN sessions.refresh_token_hmac_key; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin -- COMMENT ON COLUMN auth.sessions.refresh_token_hmac_key IS 'Holds a HMAC-SHA256 key used to sign refresh tokens for this session.'; -- -- Name: COLUMN sessions.refresh_token_counter; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin -- COMMENT ON COLUMN auth.sessions.refresh_token_counter IS 'Holds the ID (counter) of the last issued refresh token.'; -- -- Name: sso_domains; Type: TABLE; Schema: auth; Owner: supabase_auth_admin -- CREATE TABLE auth.sso_domains ( id uuid NOT NULL, sso_provider_id uuid NOT NULL, domain text NOT NULL, created_at timestamp with time zone, updated_at timestamp with time zone, CONSTRAINT "domain not empty" CHECK ((char_length(domain) > 0)) ); ALTER TABLE auth.sso_domains OWNER TO supabase_auth_admin; -- -- Name: TABLE sso_domains; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin -- COMMENT ON TABLE auth.sso_domains IS 'Auth: Manages SSO email address domain mapping to an SSO Identity Provider.'; -- -- Name: sso_providers; Type: TABLE; Schema: auth; Owner: supabase_auth_admin -- CREATE TABLE auth.sso_providers ( id uuid NOT NULL, resource_id text, created_at timestamp with time zone, updated_at timestamp with time zone, disabled boolean, CONSTRAINT "resource_id not empty" CHECK (((resource_id = NULL::text) OR (char_length(resource_id) > 0))) ); ALTER TABLE auth.sso_providers OWNER TO supabase_auth_admin; -- -- Name: TABLE sso_providers; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin -- COMMENT ON TABLE auth.sso_providers IS 'Auth: Manages SSO identity provider information; see saml_providers for SAML.'; -- -- Name: COLUMN sso_providers.resource_id; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin -- COMMENT ON COLUMN auth.sso_providers.resource_id IS 'Auth: Uniquely identifies a SSO provider according to a user-chosen resource ID (case insensitive), useful in infrastructure as code.'; -- -- Name: users; Type: TABLE; Schema: auth; Owner: supabase_auth_admin -- CREATE TABLE auth.users ( instance_id uuid, id uuid NOT NULL, aud character varying(255), role character varying(255), email character varying(255), encrypted_password character varying(255), email_confirmed_at timestamp with time zone, invited_at timestamp with time zone, confirmation_token character varying(255), confirmation_sent_at timestamp with time zone, recovery_token character varying(255), recovery_sent_at timestamp with time zone, email_change_token_new character varying(255), email_change character varying(255), email_change_sent_at timestamp with time zone, last_sign_in_at timestamp with time zone, raw_app_meta_data jsonb, raw_user_meta_data jsonb, is_super_admin boolean, created_at timestamp with time zone, updated_at timestamp with time zone, phone text DEFAULT NULL::character varying, phone_confirmed_at timestamp with time zone, phone_change text DEFAULT ''::character varying, phone_change_token character varying(255) DEFAULT ''::character varying, phone_change_sent_at timestamp with time zone, confirmed_at timestamp with time zone GENERATED ALWAYS AS (LEAST(email_confirmed_at, phone_confirmed_at)) STORED, email_change_token_current character varying(255) DEFAULT ''::character varying, email_change_confirm_status smallint DEFAULT 0, banned_until timestamp with time zone, reauthentication_token character varying(255) DEFAULT ''::character varying, reauthentication_sent_at timestamp with time zone, is_sso_user boolean DEFAULT false NOT NULL, deleted_at timestamp with time zone, is_anonymous boolean DEFAULT false NOT NULL, CONSTRAINT users_email_change_confirm_status_check CHECK (((email_change_confirm_status >= 0) AND (email_change_confirm_status <= 2))) ); ALTER TABLE auth.users OWNER TO supabase_auth_admin; -- -- Name: TABLE users; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin -- COMMENT ON TABLE auth.users IS 'Auth: Stores user login data within a secure schema.'; -- -- Name: COLUMN users.is_sso_user; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin -- COMMENT ON COLUMN auth.users.is_sso_user IS 'Auth: Set this column to true when the account comes from SSO. These accounts can have duplicate emails.'; -- -- Name: addon_credits; Type: TABLE; Schema: public; Owner: supabase_admin --