chore: drop flow table defaults

GitOrigin-RevId: 8635d86b80baa418a9d537f5ff61b66bd47fbfc2
Patrik 2025-12-02 09:40:50 +01:00 committed by ory-bot
parent 8ed407dd6d
commit 1f4b512abf
21 changed files with 699 additions and 164 deletions


@ -457,6 +457,10 @@ func (f *Flow) GetConsentRequest(challenge string) *OAuth2ConsentRequest {
AMR: f.AMR,
Context: f.Context,
}
// set some defaults for the API
if cs.RequestedAudience == nil {
cs.RequestedAudience = []string{}
}
if cs.AMR == nil {
cs.AMR = []string{}
}
@ -553,5 +557,9 @@ func (f Flow) ToListConsentSessionResponse() *OAuth2ConsentSession {
ConsentRequest: f.GetConsentRequest( /* No longer available and no longer needed: challenge = */ ""),
}
s.ConsentRequest.Client.Secret = "" // do not leak client secret in response
// set some defaults for the API
if s.GrantedAudience == nil {
s.GrantedAudience = []string{}
}
return s
}
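Review bot: The comment `// set some defaults for the API` does not say why the defaults are needed, and the normalization only covers `RequestedAudience`, `AMR` and `GrantedAudience`. Since this commit removes the column defaults that previously supplied `[]`, a more useful comment would be `// The DB no longer defaults these columns: emit [] rather than null so API consumers keep receiving arrays.` The schema also leaves `granted_scope` nullable, so if the response struct carries a granted-scope slice it may still serialize as `null`; that field is not visible in these hunks, so treat this as something to confirm. Both function bodies begin outside the hunks shown.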


@ -1,4 +1,4 @@
-- migrations hash: f5af1bbf8624fd09cf094c1a5745a255e6ea8d56bc7177e0db9eb73d72f1b3dae0fdf3312458a84550c1f2374b0a1ea6fdd026e22267fbf1808b8e8611fb39c0
-- migrations hash: 50fee568f492d7cbf7edabd240b0b534f15a23da153bdfd04f55cd470a41a9650b3561b8a943d6c35e867fb444b35cf21ae3b242e256fbcbb6b4fe59f10775a7
CREATE TABLE public.schema_migration (
version VARCHAR(48) NOT NULL,
@ -136,35 +136,35 @@ CREATE TABLE public.hydra_oauth2_flow (
client_id VARCHAR(255) NOT NULL,
requested_at TIMESTAMP NOT NULL DEFAULT now():::TIMESTAMP,
login_initialized_at TIMESTAMP NULL,
oidc_context JSONB NOT NULL DEFAULT '{}':::JSONB,
oidc_context JSONB NOT NULL,
login_session_id VARCHAR(40) NULL,
state INT8 NOT NULL,
login_remember BOOL NOT NULL DEFAULT false,
login_remember BOOL NOT NULL,
login_remember_for INT8 NOT NULL,
login_error STRING NULL,
acr STRING NOT NULL DEFAULT '':::STRING,
acr STRING NOT NULL,
login_authenticated_at TIMESTAMP NULL,
login_was_used BOOL NOT NULL DEFAULT false,
forced_subject_identifier VARCHAR(255) NOT NULL DEFAULT '':::STRING::VARCHAR,
context JSONB NULL DEFAULT '{}':::JSONB,
login_was_used BOOL NOT NULL,
forced_subject_identifier VARCHAR(255) NULL,
context JSONB NULL,
consent_challenge_id VARCHAR(40) NULL,
consent_skip BOOL NOT NULL DEFAULT false,
consent_skip BOOL NOT NULL,
consent_verifier VARCHAR(40) NULL,
consent_csrf VARCHAR(40) NULL,
consent_remember BOOL NOT NULL DEFAULT false,
consent_remember BOOL NOT NULL,
consent_remember_for INT8 NULL,
consent_handled_at TIMESTAMP NULL,
consent_error STRING NULL,
session_access_token JSONB NOT NULL DEFAULT '{}':::JSONB,
session_id_token JSONB NOT NULL DEFAULT '{}':::JSONB,
consent_was_used BOOL NOT NULL DEFAULT false,
session_access_token JSONB NOT NULL,
session_id_token JSONB NOT NULL,
consent_was_used BOOL NOT NULL,
nid UUID NOT NULL,
requested_scope JSONB NOT NULL,
requested_at_audience JSONB NULL DEFAULT '[]':::JSONB,
amr JSONB NULL DEFAULT '[]':::JSONB,
requested_at_audience JSONB NULL,
amr JSONB NULL,
granted_scope JSONB NULL,
granted_at_audience JSONB NULL DEFAULT '[]':::JSONB,
login_extend_session_lifespan BOOL NOT NULL DEFAULT false,
granted_at_audience JSONB NULL,
login_extend_session_lifespan BOOL NULL,
identity_provider_session_id VARCHAR(40) NULL,
device_challenge_id VARCHAR(255) NULL,
device_code_request_id VARCHAR(255) NULL,


@ -1,4 +1,4 @@
-- migrations hash: f5af1bbf8624fd09cf094c1a5745a255e6ea8d56bc7177e0db9eb73d72f1b3dae0fdf3312458a84550c1f2374b0a1ea6fdd026e22267fbf1808b8e8611fb39c0
-- migrations hash: 50fee568f492d7cbf7edabd240b0b534f15a23da153bdfd04f55cd470a41a9650b3561b8a943d6c35e867fb444b35cf21ae3b242e256fbcbb6b4fe59f10775a7
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
@ -225,35 +225,35 @@ CREATE TABLE `hydra_oauth2_flow` (
`client_id` varchar(255) NOT NULL,
`requested_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`login_initialized_at` timestamp NULL DEFAULT NULL,
`oidc_context` json NOT NULL DEFAULT (_utf8mb4'{}'),
`oidc_context` json NOT NULL,
`login_session_id` varchar(40),
`state` smallint NOT NULL,
`login_remember` tinyint(1) NOT NULL DEFAULT '0',
`login_remember` tinyint(1) NOT NULL,
`login_remember_for` int NOT NULL,
`login_error` text,
`acr` text NOT NULL DEFAULT (_utf8mb4''),
`acr` text NOT NULL,
`login_authenticated_at` timestamp NULL DEFAULT NULL,
`login_was_used` tinyint(1) NOT NULL DEFAULT '0',
`forced_subject_identifier` varchar(255) NOT NULL DEFAULT '',
`context` json NOT NULL DEFAULT (_utf8mb4'{}'),
`login_was_used` tinyint(1) NOT NULL,
`forced_subject_identifier` varchar(255) DEFAULT NULL,
`context` json NOT NULL,
`consent_challenge_id` varchar(40) DEFAULT NULL,
`consent_skip` tinyint(1) NOT NULL DEFAULT '0',
`consent_skip` tinyint(1) NOT NULL,
`consent_verifier` varchar(40) DEFAULT NULL,
`consent_csrf` varchar(40) DEFAULT NULL,
`consent_remember` tinyint(1) NOT NULL DEFAULT '0',
`consent_remember` tinyint(1) NOT NULL,
`consent_remember_for` int DEFAULT NULL,
`consent_handled_at` timestamp NULL DEFAULT NULL,
`consent_error` text,
`session_access_token` json NOT NULL DEFAULT (_utf8mb4'{}'),
`session_id_token` json NOT NULL DEFAULT (_utf8mb4'{}'),
`consent_was_used` tinyint(1) DEFAULT NULL,
`session_access_token` json NOT NULL,
`session_id_token` json NOT NULL,
`consent_was_used` tinyint(1),
`nid` char(36) NOT NULL,
`requested_scope` json NOT NULL,
`requested_at_audience` json DEFAULT (_utf8mb4'[]'),
`amr` json DEFAULT (_utf8mb4'[]'),
`requested_at_audience` json,
`amr` json,
`granted_scope` json DEFAULT NULL,
`granted_at_audience` json DEFAULT (_utf8mb4'[]'),
`login_extend_session_lifespan` tinyint(1) NOT NULL DEFAULT '0',
`granted_at_audience` json,
`login_extend_session_lifespan` tinyint(1) DEFAULT NULL,
`identity_provider_session_id` varchar(40) DEFAULT NULL,
`device_challenge_id` varchar(255) DEFAULT NULL,
`device_code_request_id` varchar(255) DEFAULT NULL,


@ -1,4 +1,4 @@
-- migrations hash: f5af1bbf8624fd09cf094c1a5745a255e6ea8d56bc7177e0db9eb73d72f1b3dae0fdf3312458a84550c1f2374b0a1ea6fdd026e22267fbf1808b8e8611fb39c0
-- migrations hash: 50fee568f492d7cbf7edabd240b0b534f15a23da153bdfd04f55cd470a41a9650b3561b8a943d6c35e867fb444b35cf21ae3b242e256fbcbb6b4fe59f10775a7
@ -202,35 +202,35 @@ CREATE TABLE public.hydra_oauth2_flow (
client_id character varying(255) NOT NULL,
requested_at timestamp without time zone DEFAULT now() NOT NULL,
login_initialized_at timestamp without time zone,
oidc_context jsonb DEFAULT '{}'::jsonb NOT NULL,
oidc_context jsonb NOT NULL,
login_session_id character varying(40),
state integer NOT NULL,
login_remember boolean DEFAULT false NOT NULL,
login_remember boolean NOT NULL,
login_remember_for integer NOT NULL,
login_error text,
acr text DEFAULT ''::text NOT NULL,
acr text NOT NULL,
login_authenticated_at timestamp without time zone,
login_was_used boolean DEFAULT false NOT NULL,
forced_subject_identifier character varying(255) DEFAULT ''::character varying NOT NULL,
context jsonb DEFAULT '{}'::jsonb NOT NULL,
login_was_used boolean NOT NULL,
forced_subject_identifier character varying(255),
context jsonb NOT NULL,
consent_challenge_id character varying(40),
consent_skip boolean DEFAULT false NOT NULL,
consent_skip boolean NOT NULL,
consent_verifier character varying(40),
consent_csrf character varying(40),
consent_remember boolean DEFAULT false NOT NULL,
consent_remember boolean NOT NULL,
consent_remember_for integer,
consent_handled_at timestamp without time zone,
consent_error text,
session_access_token jsonb DEFAULT '{}'::jsonb NOT NULL,
session_id_token jsonb DEFAULT '{}'::jsonb NOT NULL,
consent_was_used boolean DEFAULT false NOT NULL,
session_access_token jsonb NOT NULL,
session_id_token jsonb NOT NULL,
consent_was_used boolean NOT NULL,
nid uuid NOT NULL,
requested_scope jsonb NOT NULL,
requested_at_audience jsonb DEFAULT '[]'::jsonb,
amr jsonb DEFAULT '[]'::jsonb,
requested_at_audience jsonb,
amr jsonb,
granted_scope jsonb,
granted_at_audience jsonb DEFAULT '[]'::jsonb,
login_extend_session_lifespan boolean DEFAULT false NOT NULL,
granted_at_audience jsonb,
login_extend_session_lifespan boolean,
identity_provider_session_id character varying(40),
device_challenge_id character varying(255),
device_code_request_id character varying(255),


@ -1,4 +1,4 @@
-- migrations hash: f5af1bbf8624fd09cf094c1a5745a255e6ea8d56bc7177e0db9eb73d72f1b3dae0fdf3312458a84550c1f2374b0a1ea6fdd026e22267fbf1808b8e8611fb39c0
-- migrations hash: 50fee568f492d7cbf7edabd240b0b534f15a23da153bdfd04f55cd470a41a9650b3561b8a943d6c35e867fb444b35cf21ae3b242e256fbcbb6b4fe59f10775a7
CREATE TABLE "hydra_client"
(
@ -148,131 +148,137 @@ CREATE INDEX hydra_oauth2_device_auth_codes_client_id_idx ON hydra_oauth2_device
CREATE INDEX hydra_oauth2_device_auth_codes_request_id_idx ON hydra_oauth2_device_auth_codes (request_id, nid);
CREATE UNIQUE INDEX hydra_oauth2_device_auth_codes_user_code_signature_idx ON hydra_oauth2_device_auth_codes (nid, user_code_signature);
CREATE TABLE "hydra_oauth2_flow" (
login_challenge VARCHAR(40) NOT NULL PRIMARY KEY,
nid CHAR(36) NOT NULL,
requested_scope TEXT NOT NULL,
login_verifier VARCHAR(40) NOT NULL,
login_csrf VARCHAR(40) NOT NULL,
subject VARCHAR(255) NOT NULL,
request_url TEXT NOT NULL,
login_skip INTEGER NOT NULL,
client_id VARCHAR(255) NOT NULL,
requested_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
oidc_context TEXT NOT NULL,
login_session_id VARCHAR(40) NULL REFERENCES hydra_oauth2_authentication_session (id) ON DELETE SET NULL,
requested_at_audience TEXT NULL DEFAULT '',
login_initialized_at TIMESTAMP NULL,
login_challenge VARCHAR(40) NOT NULL PRIMARY KEY,
nid CHAR(36) NOT NULL,
requested_scope TEXT NOT NULL,
login_verifier VARCHAR(40) NOT NULL,
login_csrf VARCHAR(40) NOT NULL,
subject VARCHAR(255) NOT NULL,
request_url TEXT NOT NULL,
login_skip INTEGER NOT NULL,
client_id VARCHAR(255) NOT NULL,
requested_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
oidc_context TEXT NOT NULL,
login_session_id VARCHAR(40) NULL REFERENCES hydra_oauth2_authentication_session (id) ON DELETE SET NULL,
requested_at_audience TEXT NULL,
login_initialized_at TIMESTAMP NULL,
state INTEGER NOT NULL,
state INTEGER NOT NULL,
login_remember INTEGER NULL,
login_remember_for INTEGER NULL,
login_error TEXT NULL,
acr TEXT NULL,
login_authenticated_at TIMESTAMP NULL,
login_was_used INTEGER NULL,
forced_subject_identifier VARCHAR(255) NULL DEFAULT '',
context TEXT NULL DEFAULT '{}',
amr TEXT NULL DEFAULT '',
login_remember INTEGER NULL,
login_remember_for INTEGER NULL,
login_error TEXT NULL,
acr TEXT NULL,
login_authenticated_at TIMESTAMP NULL,
login_was_used INTEGER NULL,
forced_subject_identifier VARCHAR(255) NULL,
context TEXT NULL,
amr TEXT NULL,
consent_challenge_id VARCHAR(40) NULL,
consent_skip INTEGER NULL DEFAULT false,
consent_verifier VARCHAR(40) NULL,
consent_csrf VARCHAR(40) NULL,
consent_challenge_id VARCHAR(40) NULL,
consent_skip INTEGER NULL,
consent_verifier VARCHAR(40) NULL,
consent_csrf VARCHAR(40) NULL,
granted_scope TEXT NULL,
granted_at_audience TEXT NULL DEFAULT '',
consent_remember INTEGER NULL DEFAULT 0,
consent_remember_for INTEGER NULL,
consent_handled_at TIMESTAMP NULL,
consent_was_used INTEGER NOT NULL DEFAULT false,
consent_error TEXT NULL,
session_id_token TEXT NULL DEFAULT '{}',
session_access_token TEXT NULL DEFAULT '{}', login_extend_session_lifespan BOOLEAN NOT NULL DEFAULT FALSE, identity_provider_session_id VARCHAR(40), device_challenge_id VARCHAR(255) NULL, device_code_request_id VARCHAR(255) NULL, device_verifier VARCHAR(40) NULL, device_csrf VARCHAR(40) NULL, device_was_used BOOLEAN NULL, device_handled_at TIMESTAMP NULL, device_error VARCHAR(2048) NULL, expires_at TIMESTAMP
GENERATED ALWAYS AS (if(consent_remember_for > 0, datetime(requested_at, '+' || consent_remember_for || ' seconds'), NULL)) VIRTUAL,
granted_scope TEXT NULL,
granted_at_audience TEXT NULL,
consent_remember INTEGER NULL,
consent_remember_for INTEGER NULL,
consent_handled_at TIMESTAMP NULL,
consent_was_used INTEGER NOT NULL,
consent_error TEXT NULL,
session_id_token TEXT NULL,
session_access_token TEXT NULL,
login_extend_session_lifespan BOOLEAN NULL,
identity_provider_session_id VARCHAR(40) NULL,
device_challenge_id VARCHAR(255) NULL,
device_code_request_id VARCHAR(255) NULL,
device_verifier VARCHAR(40) NULL,
device_csrf VARCHAR(40) NULL,
device_was_used BOOLEAN NULL,
device_handled_at TIMESTAMP NULL,
device_error VARCHAR(2048) NULL,
expires_at TIMESTAMP GENERATED ALWAYS AS (if(consent_remember_for > 0,
datetime(requested_at, '+' || consent_remember_for || ' seconds'),
NULL)) VIRTUAL,
FOREIGN KEY (client_id, nid) REFERENCES hydra_client (id, nid) ON DELETE CASCADE,
CHECK (
state = 128 OR
state = 129 OR
state = 1 OR
(state = 2 AND (
login_remember IS NOT NULL AND
login_remember_for IS NOT NULL AND
login_error IS NOT NULL AND
acr IS NOT NULL AND
login_was_used IS NOT NULL AND
context IS NOT NULL AND
amr IS NOT NULL
)) OR
(state = 3 AND (
login_remember IS NOT NULL AND
login_remember_for IS NOT NULL AND
login_error IS NOT NULL AND
acr IS NOT NULL AND
login_was_used IS NOT NULL AND
context IS NOT NULL AND
amr IS NOT NULL
)) OR
(state = 4 AND (
login_remember IS NOT NULL AND
login_remember_for IS NOT NULL AND
login_error IS NOT NULL AND
acr IS NOT NULL AND
login_was_used IS NOT NULL AND
context IS NOT NULL AND
amr IS NOT NULL AND
consent_challenge_id IS NOT NULL AND
consent_verifier IS NOT NULL AND
consent_skip IS NOT NULL AND
consent_csrf IS NOT NULL
)) OR
(state = 5 AND (
login_remember IS NOT NULL AND
login_remember_for IS NOT NULL AND
login_error IS NOT NULL AND
acr IS NOT NULL AND
login_was_used IS NOT NULL AND
context IS NOT NULL AND
amr IS NOT NULL AND
consent_challenge_id IS NOT NULL AND
consent_verifier IS NOT NULL AND
consent_skip IS NOT NULL AND
consent_csrf IS NOT NULL
)) OR
(state = 6 AND (
login_remember IS NOT NULL AND
login_remember_for IS NOT NULL AND
login_error IS NOT NULL AND
acr IS NOT NULL AND
login_was_used IS NOT NULL AND
context IS NOT NULL AND
amr IS NOT NULL AND
consent_challenge_id IS NOT NULL AND
consent_verifier IS NOT NULL AND
consent_skip IS NOT NULL AND
consent_csrf IS NOT NULL AND
granted_scope IS NOT NULL AND
consent_remember IS NOT NULL AND
consent_remember_for IS NOT NULL AND
consent_error IS NOT NULL AND
session_access_token IS NOT NULL AND
session_id_token IS NOT NULL AND
consent_was_used IS NOT NULL
))
FOREIGN KEY (client_id, nid) REFERENCES hydra_client (id, nid) ON DELETE CASCADE,
CHECK (
state = 128 OR
state = 129 OR
state = 1 OR
(state = 2 AND (
login_remember IS NOT NULL AND
login_remember_for IS NOT NULL AND
login_error IS NOT NULL AND
acr IS NOT NULL AND
login_was_used IS NOT NULL AND
context IS NOT NULL AND
amr IS NOT NULL
)) OR
(state = 3 AND (
login_remember IS NOT NULL AND
login_remember_for IS NOT NULL AND
login_error IS NOT NULL AND
acr IS NOT NULL AND
login_was_used IS NOT NULL AND
context IS NOT NULL AND
amr IS NOT NULL
)) OR
(state = 4 AND (
login_remember IS NOT NULL AND
login_remember_for IS NOT NULL AND
login_error IS NOT NULL AND
acr IS NOT NULL AND
login_was_used IS NOT NULL AND
context IS NOT NULL AND
amr IS NOT NULL AND
consent_challenge_id IS NOT NULL AND
consent_verifier IS NOT NULL AND
consent_skip IS NOT NULL AND
consent_csrf IS NOT NULL
)) OR
(state = 5 AND (
login_remember IS NOT NULL AND
login_remember_for IS NOT NULL AND
login_error IS NOT NULL AND
acr IS NOT NULL AND
login_was_used IS NOT NULL AND
context IS NOT NULL AND
amr IS NOT NULL AND
consent_challenge_id IS NOT NULL AND
consent_verifier IS NOT NULL AND
consent_skip IS NOT NULL AND
consent_csrf IS NOT NULL
)) OR
(state = 6 AND (
login_remember IS NOT NULL AND
login_remember_for IS NOT NULL AND
login_error IS NOT NULL AND
acr IS NOT NULL AND
login_was_used IS NOT NULL AND
context IS NOT NULL AND
amr IS NOT NULL AND
consent_challenge_id IS NOT NULL AND
consent_verifier IS NOT NULL AND
consent_skip IS NOT NULL AND
consent_csrf IS NOT NULL AND
granted_scope IS NOT NULL AND
consent_remember IS NOT NULL AND
consent_remember_for IS NOT NULL AND
consent_error IS NOT NULL AND
session_access_token IS NOT NULL AND
session_id_token IS NOT NULL AND
consent_was_used IS NOT NULL
))
)
);
CREATE INDEX hydra_oauth2_flow_client_id_idx ON hydra_oauth2_flow (client_id, nid);
CREATE UNIQUE INDEX hydra_oauth2_flow_consent_challenge_id_idx ON hydra_oauth2_flow (consent_challenge_id);
CREATE UNIQUE INDEX hydra_oauth2_flow_device_challenge_idx ON hydra_oauth2_flow (device_challenge_id);
CREATE INDEX hydra_oauth2_flow_login_session_id_idx ON hydra_oauth2_flow (login_session_id);
CREATE INDEX hydra_oauth2_flow_previous_consents_idx
ON hydra_oauth2_flow (subject, client_id, nid, consent_skip, consent_error, consent_remember);
CREATE INDEX hydra_oauth2_flow_previous_consents_idx ON hydra_oauth2_flow (subject, client_id, nid, consent_skip,
consent_error, consent_remember);
CREATE INDEX hydra_oauth2_flow_subject_idx ON hydra_oauth2_flow (subject, nid);
CREATE TABLE "hydra_oauth2_jti_blacklist" (
signature VARCHAR(64) NOT NULL,


@ -0,0 +1,37 @@
{
"i": "challenge-0019",
"n": "24704dcb-0ab9-4bfa-a84c-405932ae53fe",
"rs": [
"requested_scope-0019_1",
"requested_scope-0019_2"
],
"s": "subject-0019",
"oc": {
"display": "display-0019"
},
"ci": "client-21",
"r": "http://request/0019",
"ia": "2022-02-15T22:20:21Z",
"a": "acr-0019",
"ct": {},
"la": null,
"di": "device-challenge-0019",
"dr": "device-request-id-0019",
"dh": null,
"cc": "challenge-0019",
"cs": true,
"gs": [
"granted_scope-0019_1",
"granted_scope-0019_2"
],
"ce": true,
"cf": 15,
"ch": "2025-05-16T12:24:00Z",
"cx": null,
"st": {
"session_id_token-0019": "0019"
},
"sa": {
"session_access_token-0019": "0019"
}
}


@ -142,7 +142,7 @@ func TestMigrations(t *testing.T) {
flows := []flow.Flow{}
require.NoError(t, c.All(&flows))
require.Len(t, flows, 18)
require.Len(t, flows, 19)
t.Run("case=hydra_oauth2_flow", func(t *testing.T) {
for _, f := range flows {


@ -0,0 +1,55 @@
INSERT INTO hydra_oauth2_flow (login_challenge,
nid,
requested_scope,
login_verifier,
login_csrf,
subject,
request_url,
login_skip,
client_id,
requested_at,
oidc_context,
login_session_id,
requested_at_audience,
login_initialized_at,
state,
login_remember,
login_remember_for,
login_error,
acr,
login_authenticated_at,
login_was_used,
forced_subject_identifier,
context,
amr,
consent_challenge_id,
consent_verifier,
consent_skip,
consent_csrf,
granted_scope,
consent_remember,
consent_remember_for,
consent_error,
session_access_token,
session_id_token,
consent_was_used,
granted_at_audience,
consent_handled_at,
login_extend_session_lifespan,
device_challenge_id,
device_code_request_id,
device_verifier,
device_csrf,
device_was_used,
device_handled_at,
device_error)
VALUES ('challenge-0019',
'24704dcb-0ab9-4bfa-a84c-405932ae53fe', '["requested_scope-0019_1","requested_scope-0019_2"]', 'verifier-0019',
'csrf-0019', 'subject-0019', 'http://request/0019', true, 'client-21', '2022-02-15 22:20:21',
'{"display": "display-0019"}', NULL, NULL,
'2022-02-15 22:20:21', 128, true, 15, '{}', 'acr-0019', '2022-02-15 22:20:21', true, NULL,
'{}', NULL, 'challenge-0019', 'verifier-0019', true, 'csrf-0019',
'["granted_scope-0019_1","granted_scope-0019_2"]', true, 15, '{}', '{"session_access_token-0019": "0019"}',
'{"session_id_token-0019": "0019"}', true, NULL,
'2025-05-16 12:24', NULL, 'device-challenge-0019', 'device-request-id-0019', 'device-verifier-0019',
'device-csrf-0019', true, '2025-05-16 12:24', '{}');


@ -0,0 +1,3 @@
ALTER TABLE hydra_oauth2_flow
ALTER COLUMN login_extend_session_lifespan SET NOT NULL,
ALTER COLUMN forced_subject_identifier SET NOT NULL;
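Review bot: `SET NOT NULL` on `login_extend_session_lifespan` and `forced_subject_identifier` fails as soon as one row holds NULL, and after the up migration rows are expected to hold NULL there (the fixture row added in this commit does). The commit contains an `UPDATE ... COALESCE` backfill for these two columns, but its position relative to this statement is not visible on this page; confirm it runs in an earlier down step for this dialect. The MySQL variant, `MODIFY COLUMN ... NOT NULL DEFAULT ...`, has the same precondition. A leading comment such as `-- requires the NULL backfill step to have run first` would make the dependency explicit.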


@ -0,0 +1,3 @@
ALTER TABLE hydra_oauth2_flow
MODIFY COLUMN login_extend_session_lifespan tinyint(1) NOT NULL DEFAULT FALSE,
MODIFY COLUMN forced_subject_identifier varchar(255) NOT NULL DEFAULT '';


@ -0,0 +1,19 @@
ALTER TABLE hydra_oauth2_flow
-- We need to drop these NOT NULL constraints, because the fields are actually not used anymore in the code, and therefore cannot be set by it.
-- Mysql has issues with two changes to the same column in one statement, therefore we need to use MODIFY COLUMN here to both drop the default and constraint.
MODIFY COLUMN forced_subject_identifier varchar(255) NULL,
MODIFY COLUMN login_extend_session_lifespan tinyint(1) NULL,
ALTER COLUMN requested_at_audience DROP DEFAULT,
ALTER COLUMN amr DROP DEFAULT,
ALTER COLUMN granted_at_audience DROP DEFAULT,
ALTER COLUMN oidc_context DROP DEFAULT,
ALTER COLUMN context DROP DEFAULT,
ALTER COLUMN acr DROP DEFAULT,
ALTER COLUMN consent_skip DROP DEFAULT,
ALTER COLUMN consent_remember DROP DEFAULT,
ALTER COLUMN login_remember DROP DEFAULT,
ALTER COLUMN consent_was_used DROP DEFAULT,
ALTER COLUMN login_was_used DROP DEFAULT,
ALTER COLUMN session_id_token DROP DEFAULT,
ALTER COLUMN session_access_token DROP DEFAULT;
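Review bot: Dropping the defaults on columns that stay `NOT NULL` (`oidc_context`, `context`, `acr`, `login_remember`, `login_was_used`, `consent_skip`, `consent_remember`, `session_id_token`, `session_access_token`) means any writer that omits one of them now gets an error instead of the default. If instances of the previous release are still serving login and consent flows while this migration runs, and they relied on any of these defaults, their inserts will start failing; whether they did is not visible here. The existing comment could state the precondition, e.g. `-- Precondition: all writers set these columns explicitly; the defaults are no longer a fallback.` The same applies to the `DROP DEFAULT` list in the PostgreSQL-style migration in this commit.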


@ -0,0 +1,143 @@
CREATE TABLE hydra_oauth2_flow_prev (
login_challenge VARCHAR(40) NOT NULL PRIMARY KEY,
nid CHAR(36) NOT NULL,
requested_scope TEXT NOT NULL,
login_verifier VARCHAR(40) NOT NULL,
login_csrf VARCHAR(40) NOT NULL,
subject VARCHAR(255) NOT NULL,
request_url TEXT NOT NULL,
login_skip INTEGER NOT NULL,
client_id VARCHAR(255) NOT NULL,
requested_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
oidc_context TEXT NOT NULL,
login_session_id VARCHAR(40) NULL REFERENCES hydra_oauth2_authentication_session (id) ON DELETE SET NULL,
requested_at_audience TEXT NULL DEFAULT '[]',
login_initialized_at TIMESTAMP NULL,
state INTEGER NOT NULL,
login_remember INTEGER NULL,
login_remember_for INTEGER NULL,
login_error TEXT NULL,
acr TEXT NULL,
login_authenticated_at TIMESTAMP NULL,
login_was_used INTEGER NULL,
forced_subject_identifier VARCHAR(255) NULL DEFAULT '',
context TEXT NULL DEFAULT '{}',
amr TEXT NULL DEFAULT '[]',
consent_challenge_id VARCHAR(40) NULL,
consent_skip INTEGER NULL DEFAULT false,
consent_verifier VARCHAR(40) NULL,
consent_csrf VARCHAR(40) NULL,
granted_scope TEXT NULL,
granted_at_audience TEXT NULL DEFAULT '',
consent_remember INTEGER NULL DEFAULT 0,
consent_remember_for INTEGER NULL,
consent_handled_at TIMESTAMP NULL,
consent_was_used INTEGER NOT NULL DEFAULT false,
consent_error TEXT NULL,
session_id_token TEXT NULL DEFAULT '{}',
session_access_token TEXT NULL DEFAULT '{}',
login_extend_session_lifespan BOOLEAN NULL DEFAULT FALSE,
identity_provider_session_id VARCHAR(40) NULL,
device_challenge_id VARCHAR(255) NULL,
device_code_request_id VARCHAR(255) NULL,
device_verifier VARCHAR(40) NULL,
device_csrf VARCHAR(40) NULL,
device_was_used BOOLEAN NULL,
device_handled_at TIMESTAMP NULL,
device_error VARCHAR(2048) NULL,
expires_at TIMESTAMP GENERATED ALWAYS AS (if(consent_remember_for > 0, datetime(requested_at, '+' || consent_remember_for || ' seconds'), NULL)) VIRTUAL,
FOREIGN KEY (client_id, nid) REFERENCES hydra_client (id, nid) ON DELETE CASCADE,
CHECK (
state = 128 OR
state = 129 OR
state = 1 OR
(state = 2 AND (
login_remember IS NOT NULL AND
login_remember_for IS NOT NULL AND
login_error IS NOT NULL AND
acr IS NOT NULL AND
login_was_used IS NOT NULL AND
context IS NOT NULL AND
amr IS NOT NULL
)) OR
(state = 3 AND (
login_remember IS NOT NULL AND
login_remember_for IS NOT NULL AND
login_error IS NOT NULL AND
acr IS NOT NULL AND
login_was_used IS NOT NULL AND
context IS NOT NULL AND
amr IS NOT NULL
)) OR
(state = 4 AND (
login_remember IS NOT NULL AND
login_remember_for IS NOT NULL AND
login_error IS NOT NULL AND
acr IS NOT NULL AND
login_was_used IS NOT NULL AND
context IS NOT NULL AND
amr IS NOT NULL AND
consent_challenge_id IS NOT NULL AND
consent_verifier IS NOT NULL AND
consent_skip IS NOT NULL AND
consent_csrf IS NOT NULL
)) OR
(state = 5 AND (
login_remember IS NOT NULL AND
login_remember_for IS NOT NULL AND
login_error IS NOT NULL AND
acr IS NOT NULL AND
login_was_used IS NOT NULL AND
context IS NOT NULL AND
amr IS NOT NULL AND
consent_challenge_id IS NOT NULL AND
consent_verifier IS NOT NULL AND
consent_skip IS NOT NULL AND
consent_csrf IS NOT NULL
)) OR
(state = 6 AND (
login_remember IS NOT NULL AND
login_remember_for IS NOT NULL AND
login_error IS NOT NULL AND
acr IS NOT NULL AND
login_was_used IS NOT NULL AND
context IS NOT NULL AND
amr IS NOT NULL AND
consent_challenge_id IS NOT NULL AND
consent_verifier IS NOT NULL AND
consent_skip IS NOT NULL AND
consent_csrf IS NOT NULL AND
granted_scope IS NOT NULL AND
consent_remember IS NOT NULL AND
consent_remember_for IS NOT NULL AND
consent_error IS NOT NULL AND
session_access_token IS NOT NULL AND
session_id_token IS NOT NULL AND
consent_was_used IS NOT NULL
))
)
);
INSERT INTO hydra_oauth2_flow_prev (login_challenge, nid, requested_scope, login_verifier, login_csrf, subject, request_url, login_skip, client_id, requested_at, oidc_context, login_session_id, requested_at_audience, login_initialized_at, state, login_remember, login_remember_for, login_error, acr, login_authenticated_at, login_was_used, forced_subject_identifier, context, amr, consent_challenge_id, consent_skip, consent_verifier, consent_csrf, granted_scope, granted_at_audience, consent_remember, consent_remember_for, consent_handled_at, consent_was_used, consent_error, session_id_token, session_access_token, login_extend_session_lifespan, identity_provider_session_id, device_challenge_id, device_code_request_id, device_verifier, device_csrf, device_was_used, device_handled_at, device_error)
SELECT login_challenge, nid, requested_scope, login_verifier, login_csrf, subject, request_url, login_skip, client_id, requested_at, oidc_context, login_session_id, requested_at_audience, login_initialized_at, state, login_remember, login_remember_for, login_error, acr, login_authenticated_at, login_was_used, forced_subject_identifier, context, amr, consent_challenge_id, consent_skip, consent_verifier, consent_csrf, granted_scope, granted_at_audience, consent_remember, consent_remember_for, consent_handled_at, consent_was_used, consent_error, session_id_token, session_access_token, login_extend_session_lifespan, identity_provider_session_id, device_challenge_id, device_code_request_id, device_verifier, device_csrf, device_was_used, device_handled_at, device_error
FROM hydra_oauth2_flow;
DROP TABLE hydra_oauth2_flow;
ALTER TABLE hydra_oauth2_flow_prev RENAME TO hydra_oauth2_flow;
CREATE INDEX hydra_oauth2_flow_client_id_idx ON hydra_oauth2_flow (client_id, nid);
CREATE INDEX hydra_oauth2_flow_login_session_id_idx ON hydra_oauth2_flow (login_session_id);
CREATE INDEX hydra_oauth2_flow_subject_idx ON hydra_oauth2_flow (subject, nid);
CREATE UNIQUE INDEX hydra_oauth2_flow_consent_challenge_id_idx ON hydra_oauth2_flow (consent_challenge_id);
CREATE INDEX hydra_oauth2_flow_previous_consents_idx ON hydra_oauth2_flow (subject, client_id, nid, consent_skip, consent_error, consent_remember);
CREATE UNIQUE INDEX hydra_oauth2_flow_device_challenge_idx ON hydra_oauth2_flow (device_challenge_id);
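Review bot: `DROP TABLE hydra_oauth2_flow` is the risky step in this rebuild: with foreign-key enforcement on, SQLite performs an implicit `DELETE` before dropping the table, which can fire `ON DELETE CASCADE` actions in any table that references `hydra_oauth2_flow`. Whether such references exist, and whether the migration runner disables enforcement, is not visible on this page. If it is not handled elsewhere, the rebuild should run with `PRAGMA foreign_keys = OFF;` set outside the transaction and be followed by `PRAGMA foreign_key_check;`. The `hydra_oauth2_flow_next` rebuild in this commit uses the same drop-and-rename sequence.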


@ -0,0 +1,198 @@
CREATE TABLE hydra_oauth2_flow_next (
login_challenge VARCHAR(40) NOT NULL PRIMARY KEY,
nid CHAR(36) NOT NULL,
requested_scope TEXT NOT NULL,
login_verifier VARCHAR(40) NOT NULL,
login_csrf VARCHAR(40) NOT NULL,
subject VARCHAR(255) NOT NULL,
request_url TEXT NOT NULL,
login_skip INTEGER NOT NULL,
client_id VARCHAR(255) NOT NULL,
requested_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
oidc_context TEXT NOT NULL,
login_session_id VARCHAR(40) NULL REFERENCES hydra_oauth2_authentication_session (id) ON DELETE SET NULL,
requested_at_audience TEXT NULL,
login_initialized_at TIMESTAMP NULL,
state INTEGER NOT NULL,
login_remember INTEGER NULL,
login_remember_for INTEGER NULL,
login_error TEXT NULL,
acr TEXT NULL,
login_authenticated_at TIMESTAMP NULL,
login_was_used INTEGER NULL,
forced_subject_identifier VARCHAR(255) NULL,
context TEXT NULL,
amr TEXT NULL,
consent_challenge_id VARCHAR(40) NULL,
consent_skip INTEGER NULL,
consent_verifier VARCHAR(40) NULL,
consent_csrf VARCHAR(40) NULL,
granted_scope TEXT NULL,
granted_at_audience TEXT NULL,
consent_remember INTEGER NULL,
consent_remember_for INTEGER NULL,
consent_handled_at TIMESTAMP NULL,
consent_was_used INTEGER NOT NULL,
consent_error TEXT NULL,
session_id_token TEXT NULL,
session_access_token TEXT NULL,
login_extend_session_lifespan BOOLEAN NULL,
identity_provider_session_id VARCHAR(40) NULL,
device_challenge_id VARCHAR(255) NULL,
device_code_request_id VARCHAR(255) NULL,
device_verifier VARCHAR(40) NULL,
device_csrf VARCHAR(40) NULL,
device_was_used BOOLEAN NULL,
device_handled_at TIMESTAMP NULL,
device_error VARCHAR(2048) NULL,
expires_at TIMESTAMP GENERATED ALWAYS AS (if(consent_remember_for > 0,
datetime(requested_at, '+' || consent_remember_for || ' seconds'),
NULL)) VIRTUAL,
FOREIGN KEY (client_id, nid) REFERENCES hydra_client (id, nid) ON DELETE CASCADE,
CHECK (
state = 128 OR
state = 129 OR
state = 1 OR
(state = 2 AND (
login_remember IS NOT NULL AND
login_remember_for IS NOT NULL AND
login_error IS NOT NULL AND
acr IS NOT NULL AND
login_was_used IS NOT NULL AND
context IS NOT NULL AND
amr IS NOT NULL
)) OR
(state = 3 AND (
login_remember IS NOT NULL AND
login_remember_for IS NOT NULL AND
login_error IS NOT NULL AND
acr IS NOT NULL AND
login_was_used IS NOT NULL AND
context IS NOT NULL AND
amr IS NOT NULL
)) OR
(state = 4 AND (
login_remember IS NOT NULL AND
login_remember_for IS NOT NULL AND
login_error IS NOT NULL AND
acr IS NOT NULL AND
login_was_used IS NOT NULL AND
context IS NOT NULL AND
amr IS NOT NULL AND
consent_challenge_id IS NOT NULL AND
consent_verifier IS NOT NULL AND
consent_skip IS NOT NULL AND
consent_csrf IS NOT NULL
)) OR
(state = 5 AND (
login_remember IS NOT NULL AND
login_remember_for IS NOT NULL AND
login_error IS NOT NULL AND
acr IS NOT NULL AND
login_was_used IS NOT NULL AND
context IS NOT NULL AND
amr IS NOT NULL AND
consent_challenge_id IS NOT NULL AND
consent_verifier IS NOT NULL AND
consent_skip IS NOT NULL AND
consent_csrf IS NOT NULL
)) OR
(state = 6 AND (
login_remember IS NOT NULL AND
login_remember_for IS NOT NULL AND
login_error IS NOT NULL AND
acr IS NOT NULL AND
login_was_used IS NOT NULL AND
context IS NOT NULL AND
amr IS NOT NULL AND
consent_challenge_id IS NOT NULL AND
consent_verifier IS NOT NULL AND
consent_skip IS NOT NULL AND
consent_csrf IS NOT NULL AND
granted_scope IS NOT NULL AND
consent_remember IS NOT NULL AND
consent_remember_for IS NOT NULL AND
consent_error IS NOT NULL AND
session_access_token IS NOT NULL AND
session_id_token IS NOT NULL AND
consent_was_used IS NOT NULL
))
)
);
INSERT INTO hydra_oauth2_flow_next (login_challenge, nid, requested_scope, login_verifier, login_csrf, subject,
request_url, login_skip, client_id, requested_at, oidc_context, login_session_id,
requested_at_audience, login_initialized_at, state, login_remember,
login_remember_for, login_error, acr, login_authenticated_at, login_was_used,
forced_subject_identifier, context, amr, consent_challenge_id, consent_skip,
consent_verifier, consent_csrf, granted_scope, granted_at_audience,
consent_remember, consent_remember_for, consent_handled_at, consent_was_used,
consent_error, session_id_token, session_access_token,
login_extend_session_lifespan, identity_provider_session_id, device_challenge_id,
device_code_request_id, device_verifier, device_csrf, device_was_used,
device_handled_at, device_error)
SELECT login_challenge,
nid,
requested_scope,
login_verifier,
login_csrf,
subject,
request_url,
login_skip,
client_id,
requested_at,
oidc_context,
login_session_id,
requested_at_audience,
login_initialized_at,
state,
login_remember,
login_remember_for,
login_error,
acr,
login_authenticated_at,
login_was_used,
forced_subject_identifier,
context,
amr,
consent_challenge_id,
consent_skip,
consent_verifier,
consent_csrf,
granted_scope,
granted_at_audience,
consent_remember,
consent_remember_for,
consent_handled_at,
consent_was_used,
consent_error,
session_id_token,
session_access_token,
login_extend_session_lifespan,
identity_provider_session_id,
device_challenge_id,
device_code_request_id,
device_verifier,
device_csrf,
device_was_used,
device_handled_at,
device_error
FROM hydra_oauth2_flow;
DROP TABLE hydra_oauth2_flow;
ALTER TABLE hydra_oauth2_flow_next
RENAME TO hydra_oauth2_flow;
CREATE INDEX hydra_oauth2_flow_client_id_idx ON hydra_oauth2_flow (client_id, nid);
CREATE INDEX hydra_oauth2_flow_login_session_id_idx ON hydra_oauth2_flow (login_session_id);
CREATE INDEX hydra_oauth2_flow_subject_idx ON hydra_oauth2_flow (subject, nid);
CREATE UNIQUE INDEX hydra_oauth2_flow_consent_challenge_id_idx ON hydra_oauth2_flow (consent_challenge_id);
CREATE INDEX hydra_oauth2_flow_previous_consents_idx ON hydra_oauth2_flow (subject, client_id, nid, consent_skip,
consent_error, consent_remember);
CREATE UNIQUE INDEX hydra_oauth2_flow_device_challenge_idx ON hydra_oauth2_flow (device_challenge_id);
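Review bot: This migration has no comment saying why the table is rebuilt, unlike the `ALTER TABLE` variants in this commit, which explain themselves. A header such as `-- SQLite cannot drop a column default in place, so the table is recreated without the defaults and the rows are copied across.` would help. It is also worth noting there that the `CHECK` on `state` still requires `context`, `amr`, `consent_skip`, `session_access_token` and the other listed columns to be non-NULL for states 2 to 6, so without defaults the writer has to supply them. The fixture row added in this commit uses state 128 and does not exercise that path.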


@ -0,0 +1,20 @@
ALTER TABLE hydra_oauth2_flow
-- We need to drop these NOT NULL constraints, because the fields are actually not used anymore in the code, and therefore cannot be set by it.
ALTER COLUMN login_extend_session_lifespan DROP NOT NULL,
ALTER COLUMN forced_subject_identifier DROP NOT NULL,
ALTER COLUMN requested_at_audience DROP DEFAULT,
ALTER COLUMN forced_subject_identifier DROP DEFAULT,
ALTER COLUMN oidc_context DROP DEFAULT,
ALTER COLUMN context DROP DEFAULT,
ALTER COLUMN amr DROP DEFAULT,
ALTER COLUMN acr DROP DEFAULT,
ALTER COLUMN consent_skip DROP DEFAULT,
ALTER COLUMN granted_at_audience DROP DEFAULT,
ALTER COLUMN consent_remember DROP DEFAULT,
ALTER COLUMN login_remember DROP DEFAULT,
ALTER COLUMN consent_was_used DROP DEFAULT,
ALTER COLUMN login_was_used DROP DEFAULT,
ALTER COLUMN session_id_token DROP DEFAULT,
ALTER COLUMN session_access_token DROP DEFAULT,
ALTER COLUMN login_extend_session_lifespan DROP DEFAULT;


@ -0,0 +1,5 @@
UPDATE hydra_oauth2_flow
SET login_extend_session_lifespan = COALESCE(login_extend_session_lifespan, FALSE),
forced_subject_identifier = COALESCE(forced_subject_identifier, '')
WHERE login_extend_session_lifespan IS NULL
OR forced_subject_identifier IS NULL;


@ -0,0 +1 @@
-- only down needed


@ -0,0 +1,17 @@
ALTER TABLE hydra_oauth2_flow
ALTER COLUMN login_extend_session_lifespan SET DEFAULT FALSE,
ALTER COLUMN forced_subject_identifier SET DEFAULT '',
ALTER COLUMN requested_at_audience SET DEFAULT '[]'::jsonb,
ALTER COLUMN oidc_context SET DEFAULT '{}'::jsonb,
ALTER COLUMN context SET DEFAULT '{}'::jsonb,
ALTER COLUMN amr SET DEFAULT '[]'::jsonb,
ALTER COLUMN acr SET DEFAULT '',
ALTER COLUMN consent_skip SET DEFAULT FALSE,
ALTER COLUMN granted_at_audience SET DEFAULT '[]'::jsonb,
ALTER COLUMN consent_remember SET DEFAULT FALSE,
ALTER COLUMN login_remember SET DEFAULT FALSE,
ALTER COLUMN consent_was_used SET DEFAULT FALSE,
ALTER COLUMN login_was_used SET DEFAULT FALSE,
ALTER COLUMN session_id_token SET DEFAULT '{}'::jsonb,
ALTER COLUMN session_access_token SET DEFAULT '{}'::jsonb;


@ -0,0 +1,17 @@
ALTER TABLE hydra_oauth2_flow
ALTER COLUMN forced_subject_identifier SET DEFAULT '',
ALTER COLUMN login_extend_session_lifespan SET DEFAULT FALSE,
MODIFY COLUMN requested_at_audience JSON DEFAULT (_utf8mb4'[]'),
MODIFY COLUMN amr JSON DEFAULT (_utf8mb4'[]'),
MODIFY COLUMN granted_at_audience JSON DEFAULT (_utf8mb4'[]'),
MODIFY COLUMN oidc_context JSON NOT NULL DEFAULT (_utf8mb4'{}'),
MODIFY COLUMN context JSON NOT NULL DEFAULT (_utf8mb4'{}'),
MODIFY COLUMN acr TEXT NOT NULL DEFAULT (_utf8mb4''),
ALTER COLUMN consent_skip SET DEFAULT FALSE,
ALTER COLUMN consent_remember SET DEFAULT FALSE,
ALTER COLUMN login_remember SET DEFAULT FALSE,
ALTER COLUMN consent_was_used SET DEFAULT FALSE,
ALTER COLUMN login_was_used SET DEFAULT FALSE,
MODIFY COLUMN session_id_token JSON NOT NULL DEFAULT (_utf8mb4'{}'),
MODIFY COLUMN session_access_token JSON NOT NULL DEFAULT (_utf8mb4'{}');


@ -0,0 +1 @@
-- nothing to do for sqlite


@ -0,0 +1 @@
-- nothing to do for sqlite


@ -0,0 +1 @@
-- only down needed