Gava/agenciapsilmno
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bfe148ef121de5078f77d8fb61c8ca89b3e21e37
agenciapsilmno/database-novo/schema/04_tables/auth.sql

609 lines
19 KiB
SQL
Raw Blame History

-- =============================================================================
-- AgenciaPsi — Tables — auth schema (Supabase GoTrue)
-- =============================================================================
-- auth.users, auth.identities, auth.sessions, auth.refresh_tokens,
-- auth.mfa_*, auth.saml_*, auth.sso_*, auth.flow_state, etc.
-- =============================================================================
CREATE TABLE auth.audit_log_entries (
instance_id uuid,
id uuid NOT NULL,
payload json,
created_at timestamp with time zone,
ip_address character varying(64) DEFAULT ''::character varying NOT NULL
);
ALTER TABLE auth.audit_log_entries OWNER TO supabase_auth_admin;
--
-- Name: TABLE audit_log_entries; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin
--
COMMENT ON TABLE auth.audit_log_entries IS 'Auth: Audit trail for user actions.';
--
-- Name: flow_state; Type: TABLE; Schema: auth; Owner: supabase_auth_admin
--
CREATE TABLE auth.flow_state (
id uuid NOT NULL,
user_id uuid,
auth_code text,
code_challenge_method auth.code_challenge_method,
code_challenge text,
provider_type text NOT NULL,
provider_access_token text,
provider_refresh_token text,
created_at timestamp with time zone,
updated_at timestamp with time zone,
authentication_method text NOT NULL,
auth_code_issued_at timestamp with time zone,
invite_token text,
referrer text,
oauth_client_state_id uuid,
linking_target_id uuid,
email_optional boolean DEFAULT false NOT NULL
);
ALTER TABLE auth.flow_state OWNER TO supabase_auth_admin;
--
-- Name: TABLE flow_state; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin
--
COMMENT ON TABLE auth.flow_state IS 'Stores metadata for all OAuth/SSO login flows';
--
-- Name: identities; Type: TABLE; Schema: auth; Owner: supabase_auth_admin
--
CREATE TABLE auth.identities (
provider_id text NOT NULL,
user_id uuid NOT NULL,
identity_data jsonb NOT NULL,
provider text NOT NULL,
last_sign_in_at timestamp with time zone,
created_at timestamp with time zone,
updated_at timestamp with time zone,
email text GENERATED ALWAYS AS (lower((identity_data ->> 'email'::text))) STORED,
id uuid DEFAULT gen_random_uuid() NOT NULL
);
ALTER TABLE auth.identities OWNER TO supabase_auth_admin;
--
-- Name: TABLE identities; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin
--
COMMENT ON TABLE auth.identities IS 'Auth: Stores identities associated to a user.';
--
-- Name: COLUMN identities.email; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin
--
COMMENT ON COLUMN auth.identities.email IS 'Auth: Email is a generated column that references the optional email property in the identity_data';
--
-- Name: instances; Type: TABLE; Schema: auth; Owner: supabase_auth_admin
--
CREATE TABLE auth.instances (
id uuid NOT NULL,
uuid uuid,
raw_base_config text,
created_at timestamp with time zone,
updated_at timestamp with time zone
);
ALTER TABLE auth.instances OWNER TO supabase_auth_admin;
--
-- Name: TABLE instances; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin
--
COMMENT ON TABLE auth.instances IS 'Auth: Manages users across multiple sites.';
--
-- Name: mfa_amr_claims; Type: TABLE; Schema: auth; Owner: supabase_auth_admin
--
CREATE TABLE auth.mfa_amr_claims (
session_id uuid NOT NULL,
created_at timestamp with time zone NOT NULL,
updated_at timestamp with time zone NOT NULL,
authentication_method text NOT NULL,
id uuid NOT NULL
);
ALTER TABLE auth.mfa_amr_claims OWNER TO supabase_auth_admin;
--
-- Name: TABLE mfa_amr_claims; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin
--
COMMENT ON TABLE auth.mfa_amr_claims IS 'auth: stores authenticator method reference claims for multi factor authentication';
--
-- Name: mfa_challenges; Type: TABLE; Schema: auth; Owner: supabase_auth_admin
--
CREATE TABLE auth.mfa_challenges (
id uuid NOT NULL,
factor_id uuid NOT NULL,
created_at timestamp with time zone NOT NULL,
verified_at timestamp with time zone,
ip_address inet NOT NULL,
otp_code text,
web_authn_session_data jsonb
);
ALTER TABLE auth.mfa_challenges OWNER TO supabase_auth_admin;
--
-- Name: TABLE mfa_challenges; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin
--
COMMENT ON TABLE auth.mfa_challenges IS 'auth: stores metadata about challenge requests made';
--
-- Name: mfa_factors; Type: TABLE; Schema: auth; Owner: supabase_auth_admin
--
CREATE TABLE auth.mfa_factors (
id uuid NOT NULL,
user_id uuid NOT NULL,
friendly_name text,
factor_type auth.factor_type NOT NULL,
status auth.factor_status NOT NULL,
created_at timestamp with time zone NOT NULL,
updated_at timestamp with time zone NOT NULL,
secret text,
phone text,
last_challenged_at timestamp with time zone,
web_authn_credential jsonb,
web_authn_aaguid uuid,
last_webauthn_challenge_data jsonb
);
ALTER TABLE auth.mfa_factors OWNER TO supabase_auth_admin;
--
-- Name: TABLE mfa_factors; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin
--
COMMENT ON TABLE auth.mfa_factors IS 'auth: stores metadata about factors';
--
-- Name: COLUMN mfa_factors.last_webauthn_challenge_data; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin
--
COMMENT ON COLUMN auth.mfa_factors.last_webauthn_challenge_data IS 'Stores the latest WebAuthn challenge data including attestation/assertion for customer verification';
--
-- Name: oauth_authorizations; Type: TABLE; Schema: auth; Owner: supabase_auth_admin
--
CREATE TABLE auth.oauth_authorizations (
id uuid NOT NULL,
authorization_id text NOT NULL,
client_id uuid NOT NULL,
user_id uuid,
redirect_uri text NOT NULL,
scope text NOT NULL,
state text,
resource text,
code_challenge text,
code_challenge_method auth.code_challenge_method,
response_type auth.oauth_response_type DEFAULT 'code'::auth.oauth_response_type NOT NULL,
status auth.oauth_authorization_status DEFAULT 'pending'::auth.oauth_authorization_status NOT NULL,
authorization_code text,
created_at timestamp with time zone DEFAULT now() NOT NULL,
expires_at timestamp with time zone DEFAULT (now() + '00:03:00'::interval) NOT NULL,
approved_at timestamp with time zone,
nonce text,
CONSTRAINT oauth_authorizations_authorization_code_length CHECK ((char_length(authorization_code) <= 255)),
CONSTRAINT oauth_authorizations_code_challenge_length CHECK ((char_length(code_challenge) <= 128)),
CONSTRAINT oauth_authorizations_expires_at_future CHECK ((expires_at > created_at)),
CONSTRAINT oauth_authorizations_nonce_length CHECK ((char_length(nonce) <= 255)),
CONSTRAINT oauth_authorizations_redirect_uri_length CHECK ((char_length(redirect_uri) <= 2048)),
CONSTRAINT oauth_authorizations_resource_length CHECK ((char_length(resource) <= 2048)),
CONSTRAINT oauth_authorizations_scope_length CHECK ((char_length(scope) <= 4096)),
CONSTRAINT oauth_authorizations_state_length CHECK ((char_length(state) <= 4096))
);
ALTER TABLE auth.oauth_authorizations OWNER TO supabase_auth_admin;
--
-- Name: oauth_client_states; Type: TABLE; Schema: auth; Owner: supabase_auth_admin
--
CREATE TABLE auth.oauth_client_states (
id uuid NOT NULL,
provider_type text NOT NULL,
code_verifier text,
created_at timestamp with time zone NOT NULL
);
ALTER TABLE auth.oauth_client_states OWNER TO supabase_auth_admin;
--
-- Name: TABLE oauth_client_states; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin
--
COMMENT ON TABLE auth.oauth_client_states IS 'Stores OAuth states for third-party provider authentication flows where Supabase acts as the OAuth client.';
--
-- Name: oauth_clients; Type: TABLE; Schema: auth; Owner: supabase_auth_admin
--
CREATE TABLE auth.oauth_clients (
id uuid NOT NULL,
client_secret_hash text,
registration_type auth.oauth_registration_type NOT NULL,
redirect_uris text NOT NULL,
grant_types text NOT NULL,
client_name text,
client_uri text,
logo_uri text,
created_at timestamp with time zone DEFAULT now() NOT NULL,
updated_at timestamp with time zone DEFAULT now() NOT NULL,
deleted_at timestamp with time zone,
client_type auth.oauth_client_type DEFAULT 'confidential'::auth.oauth_client_type NOT NULL,
token_endpoint_auth_method text NOT NULL,
CONSTRAINT oauth_clients_client_name_length CHECK ((char_length(client_name) <= 1024)),
CONSTRAINT oauth_clients_client_uri_length CHECK ((char_length(client_uri) <= 2048)),
CONSTRAINT oauth_clients_logo_uri_length CHECK ((char_length(logo_uri) <= 2048)),
CONSTRAINT oauth_clients_token_endpoint_auth_method_check CHECK ((token_endpoint_auth_method = ANY (ARRAY['client_secret_basic'::text, 'client_secret_post'::text, 'none'::text])))
);
ALTER TABLE auth.oauth_clients OWNER TO supabase_auth_admin;
--
-- Name: oauth_consents; Type: TABLE; Schema: auth; Owner: supabase_auth_admin
--
CREATE TABLE auth.oauth_consents (
id uuid NOT NULL,
user_id uuid NOT NULL,
client_id uuid NOT NULL,
scopes text NOT NULL,
granted_at timestamp with time zone DEFAULT now() NOT NULL,
revoked_at timestamp with time zone,
CONSTRAINT oauth_consents_revoked_after_granted CHECK (((revoked_at IS NULL) OR (revoked_at >= granted_at))),
CONSTRAINT oauth_consents_scopes_length CHECK ((char_length(scopes) <= 2048)),
CONSTRAINT oauth_consents_scopes_not_empty CHECK ((char_length(TRIM(BOTH FROM scopes)) > 0))
);
ALTER TABLE auth.oauth_consents OWNER TO supabase_auth_admin;
--
-- Name: one_time_tokens; Type: TABLE; Schema: auth; Owner: supabase_auth_admin
--
CREATE TABLE auth.one_time_tokens (
id uuid NOT NULL,
user_id uuid NOT NULL,
token_type auth.one_time_token_type NOT NULL,
token_hash text NOT NULL,
relates_to text NOT NULL,
created_at timestamp without time zone DEFAULT now() NOT NULL,
updated_at timestamp without time zone DEFAULT now() NOT NULL,
CONSTRAINT one_time_tokens_token_hash_check CHECK ((char_length(token_hash) > 0))
);
ALTER TABLE auth.one_time_tokens OWNER TO supabase_auth_admin;
--
-- Name: refresh_tokens; Type: TABLE; Schema: auth; Owner: supabase_auth_admin
--
CREATE TABLE auth.refresh_tokens (
instance_id uuid,
id bigint NOT NULL,
token character varying(255),
user_id character varying(255),
revoked boolean,
created_at timestamp with time zone,
updated_at timestamp with time zone,
parent character varying(255),
session_id uuid
);
ALTER TABLE auth.refresh_tokens OWNER TO supabase_auth_admin;
--
-- Name: TABLE refresh_tokens; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin
--
COMMENT ON TABLE auth.refresh_tokens IS 'Auth: Store of tokens used to refresh JWT tokens once they expire.';
--
-- Name: refresh_tokens_id_seq; Type: SEQUENCE; Schema: auth; Owner: supabase_auth_admin
--
CREATE SEQUENCE auth.refresh_tokens_id_seq
START WITH 1
INCREMENT BY 1
NO MINVALUE
NO MAXVALUE
CACHE 1;
ALTER SEQUENCE auth.refresh_tokens_id_seq OWNER TO supabase_auth_admin;
--
-- Name: refresh_tokens_id_seq; Type: SEQUENCE OWNED BY; Schema: auth; Owner: supabase_auth_admin
--
ALTER SEQUENCE auth.refresh_tokens_id_seq OWNED BY auth.refresh_tokens.id;
--
-- Name: saml_providers; Type: TABLE; Schema: auth; Owner: supabase_auth_admin
--
CREATE TABLE auth.saml_providers (
id uuid NOT NULL,
sso_provider_id uuid NOT NULL,
entity_id text NOT NULL,
metadata_xml text NOT NULL,
metadata_url text,
attribute_mapping jsonb,
created_at timestamp with time zone,
updated_at timestamp with time zone,
name_id_format text,
CONSTRAINT "entity_id not empty" CHECK ((char_length(entity_id) > 0)),
CONSTRAINT "metadata_url not empty" CHECK (((metadata_url = NULL::text) OR (char_length(metadata_url) > 0))),
CONSTRAINT "metadata_xml not empty" CHECK ((char_length(metadata_xml) > 0))
);
ALTER TABLE auth.saml_providers OWNER TO supabase_auth_admin;
--
-- Name: TABLE saml_providers; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin
--
COMMENT ON TABLE auth.saml_providers IS 'Auth: Manages SAML Identity Provider connections.';
--
-- Name: saml_relay_states; Type: TABLE; Schema: auth; Owner: supabase_auth_admin
--
CREATE TABLE auth.saml_relay_states (
id uuid NOT NULL,
sso_provider_id uuid NOT NULL,
request_id text NOT NULL,
for_email text,
redirect_to text,
created_at timestamp with time zone,
updated_at timestamp with time zone,
flow_state_id uuid,
CONSTRAINT "request_id not empty" CHECK ((char_length(request_id) > 0))
);
ALTER TABLE auth.saml_relay_states OWNER TO supabase_auth_admin;
--
-- Name: TABLE saml_relay_states; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin
--
COMMENT ON TABLE auth.saml_relay_states IS 'Auth: Contains SAML Relay State information for each Service Provider initiated login.';
--
-- Name: schema_migrations; Type: TABLE; Schema: auth; Owner: supabase_auth_admin
--
CREATE TABLE auth.schema_migrations (
version character varying(255) NOT NULL
);
ALTER TABLE auth.schema_migrations OWNER TO supabase_auth_admin;
--
-- Name: TABLE schema_migrations; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin
--
COMMENT ON TABLE auth.schema_migrations IS 'Auth: Manages updates to the auth system.';
--
-- Name: sessions; Type: TABLE; Schema: auth; Owner: supabase_auth_admin
--
CREATE TABLE auth.sessions (
id uuid NOT NULL,
user_id uuid NOT NULL,
created_at timestamp with time zone,
updated_at timestamp with time zone,
factor_id uuid,
aal auth.aal_level,
not_after timestamp with time zone,
refreshed_at timestamp without time zone,
user_agent text,
ip inet,
tag text,
oauth_client_id uuid,
refresh_token_hmac_key text,
refresh_token_counter bigint,
scopes text,
CONSTRAINT sessions_scopes_length CHECK ((char_length(scopes) <= 4096))
);
ALTER TABLE auth.sessions OWNER TO supabase_auth_admin;
--
-- Name: TABLE sessions; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin
--
COMMENT ON TABLE auth.sessions IS 'Auth: Stores session data associated to a user.';
--
-- Name: COLUMN sessions.not_after; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin
--
COMMENT ON COLUMN auth.sessions.not_after IS 'Auth: Not after is a nullable column that contains a timestamp after which the session should be regarded as expired.';
--
-- Name: COLUMN sessions.refresh_token_hmac_key; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin
--
COMMENT ON COLUMN auth.sessions.refresh_token_hmac_key IS 'Holds a HMAC-SHA256 key used to sign refresh tokens for this session.';
--
-- Name: COLUMN sessions.refresh_token_counter; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin
--
COMMENT ON COLUMN auth.sessions.refresh_token_counter IS 'Holds the ID (counter) of the last issued refresh token.';
--
-- Name: sso_domains; Type: TABLE; Schema: auth; Owner: supabase_auth_admin
--
CREATE TABLE auth.sso_domains (
id uuid NOT NULL,
sso_provider_id uuid NOT NULL,
domain text NOT NULL,
created_at timestamp with time zone,
updated_at timestamp with time zone,
CONSTRAINT "domain not empty" CHECK ((char_length(domain) > 0))
);
ALTER TABLE auth.sso_domains OWNER TO supabase_auth_admin;
--
-- Name: TABLE sso_domains; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin
--
COMMENT ON TABLE auth.sso_domains IS 'Auth: Manages SSO email address domain mapping to an SSO Identity Provider.';
--
-- Name: sso_providers; Type: TABLE; Schema: auth; Owner: supabase_auth_admin
--
CREATE TABLE auth.sso_providers (
id uuid NOT NULL,
resource_id text,
created_at timestamp with time zone,
updated_at timestamp with time zone,
disabled boolean,
CONSTRAINT "resource_id not empty" CHECK (((resource_id = NULL::text) OR (char_length(resource_id) > 0)))
);
ALTER TABLE auth.sso_providers OWNER TO supabase_auth_admin;
--
-- Name: TABLE sso_providers; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin
--
COMMENT ON TABLE auth.sso_providers IS 'Auth: Manages SSO identity provider information; see saml_providers for SAML.';
--
-- Name: COLUMN sso_providers.resource_id; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin
--
COMMENT ON COLUMN auth.sso_providers.resource_id IS 'Auth: Uniquely identifies a SSO provider according to a user-chosen resource ID (case insensitive), useful in infrastructure as code.';
--
-- Name: users; Type: TABLE; Schema: auth; Owner: supabase_auth_admin
--
CREATE TABLE auth.users (
instance_id uuid,
id uuid NOT NULL,
aud character varying(255),
role character varying(255),
email character varying(255),
encrypted_password character varying(255),
email_confirmed_at timestamp with time zone,
invited_at timestamp with time zone,
confirmation_token character varying(255),
confirmation_sent_at timestamp with time zone,
recovery_token character varying(255),
recovery_sent_at timestamp with time zone,
email_change_token_new character varying(255),
email_change character varying(255),
email_change_sent_at timestamp with time zone,
last_sign_in_at timestamp with time zone,
raw_app_meta_data jsonb,
raw_user_meta_data jsonb,
is_super_admin boolean,
created_at timestamp with time zone,
updated_at timestamp with time zone,
phone text DEFAULT NULL::character varying,
phone_confirmed_at timestamp with time zone,
phone_change text DEFAULT ''::character varying,
phone_change_token character varying(255) DEFAULT ''::character varying,
phone_change_sent_at timestamp with time zone,
confirmed_at timestamp with time zone GENERATED ALWAYS AS (LEAST(email_confirmed_at, phone_confirmed_at)) STORED,
email_change_token_current character varying(255) DEFAULT ''::character varying,
email_change_confirm_status smallint DEFAULT 0,
banned_until timestamp with time zone,
reauthentication_token character varying(255) DEFAULT ''::character varying,
reauthentication_sent_at timestamp with time zone,
is_sso_user boolean DEFAULT false NOT NULL,
deleted_at timestamp with time zone,
is_anonymous boolean DEFAULT false NOT NULL,
CONSTRAINT users_email_change_confirm_status_check CHECK (((email_change_confirm_status >= 0) AND (email_change_confirm_status <= 2)))
);
ALTER TABLE auth.users OWNER TO supabase_auth_admin;
--
-- Name: TABLE users; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin
--
COMMENT ON TABLE auth.users IS 'Auth: Stores user login data within a secure schema.';
--
-- Name: COLUMN users.is_sso_user; Type: COMMENT; Schema: auth; Owner: supabase_auth_admin
--
COMMENT ON COLUMN auth.users.is_sso_user IS 'Auth: Set this column to true when the account comes from SSO. These accounts can have duplicate emails.';
--
-- Name: addon_credits; Type: TABLE; Schema: public; Owner: supabase_admin
--
Reference in New Issue View Git Blame Copy Permalink