12 lines
909 B
SQL
12 lines
909 B
SQL
-- Outbound OIDC session revalidation (single-logout for a private-network RP the
|
|
-- IdP cannot reach). A background worker periodically checks each OIDC login
|
|
-- against its IdP; when the IdP session is gone, the local session is deleted.
|
|
-- oidc_revalidation_mode: '' / 'off' | 'introspect' (RFC 7662) | 'refresh' (refresh-attempt)
|
|
-- oidc_introspection_url: the RFC 7662 endpoint (used when mode = 'introspect')
|
|
-- Sessions keep the refresh token (the session-liveness signal) and the time they
|
|
-- were last revalidated (for due-based, load-bounded scheduling).
|
|
ALTER TABLE auth_providers ADD COLUMN oidc_revalidation_mode TEXT NOT NULL DEFAULT 'off';
|
|
ALTER TABLE auth_providers ADD COLUMN oidc_introspection_url TEXT NOT NULL DEFAULT '';
|
|
ALTER TABLE sessions ADD COLUMN oidc_refresh_token TEXT NOT NULL DEFAULT '';
|
|
ALTER TABLE sessions ADD COLUMN oidc_last_revalidated_at INTEGER NOT NULL DEFAULT 0;
|