...
A confidential client is capable of keeping its credentials confidential. The example given in the OAuth specification is a web application running on a web server. In our context, this could also be a workflow engine. Keeping the client credentials confidential adds a layer of security, because the client must supply them when using a refresh token to request an access token.
...
Name | Type | Notes |
---|---|---|
ID | INTEGER | Primary key |
TOKEN_HASH | CHAR(64) | SHA256 hash of the refresh token passed to the client |
NAME | VARCHAR(256) | Human-readable identifier for the token |
USER_ID | BIGINT | Foreign key reference to the principal whose resources this token grants access to |
CLIENT_ID | BIGINT | The client that this token is issued to |
CREATED_ON | TIMESTAMP | When this refresh token was created |
LAST_USED | TIMESTAMP | The last time this refresh token was used to issue an access token |
MODIFIED_ON | TIMESTAMP | The last time this token was modified (i.e. the name was changed) |
ETAG | CHAR(36) | For optimistic concurrency control (OCC) |
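
The following is an added example, not code from the original design. It shows a row in this table being written and checked: only the SHA-256 hash of the refresh token is stored, and redemption requires the confidential client's credentials as well as a token issued to that client. The table names `REFRESH_TOKEN` and `CLIENT`, the `SECRET_HASH` column and all function names are assumptions.

```python
import hashlib, hmac, secrets, sqlite3, uuid
from datetime import datetime, timezone

# Assumed schema: REFRESH_TOKEN follows the column table above; CLIENT is hypothetical.
db = sqlite3.connect(":memory:")
db.executescript("""
CREATE TABLE CLIENT (ID INTEGER PRIMARY KEY, SECRET_HASH CHAR(64) NOT NULL);
CREATE TABLE REFRESH_TOKEN (
    ID INTEGER PRIMARY KEY, TOKEN_HASH CHAR(64) UNIQUE NOT NULL, NAME VARCHAR(256),
    USER_ID BIGINT NOT NULL, CLIENT_ID BIGINT NOT NULL REFERENCES CLIENT(ID),
    CREATED_ON TIMESTAMP, LAST_USED TIMESTAMP, MODIFIED_ON TIMESTAMP, ETAG CHAR(36));
""")

def sha256_hex(value):
    return hashlib.sha256(value.encode()).hexdigest()

def now():
    return datetime.now(timezone.utc).isoformat()

def register_client(client_id):
    """Create a client with a random, high-entropy secret; store only its hash."""
    secret = secrets.token_urlsafe(32)
    db.execute("INSERT INTO CLIENT (ID, SECRET_HASH) VALUES (?, ?)",
               (client_id, sha256_hex(secret)))
    return secret

def issue_refresh_token(user_id, client_id, name):
    """Return the raw token to the client once; the database keeps TOKEN_HASH only."""
    token = secrets.token_urlsafe(32)
    ts = now()
    db.execute("INSERT INTO REFRESH_TOKEN (TOKEN_HASH, NAME, USER_ID, CLIENT_ID,"
               " CREATED_ON, MODIFIED_ON, ETAG) VALUES (?, ?, ?, ?, ?, ?, ?)",
               (sha256_hex(token), name, user_id, client_id, ts, ts, str(uuid.uuid4())))
    return token

def redeem(token, client_id, client_secret):
    """Return USER_ID when the client authenticates and owns the token, else None."""
    row = db.execute("SELECT SECRET_HASH FROM CLIENT WHERE ID = ?",
                     (client_id,)).fetchone()
    if row is None or not hmac.compare_digest(row[0], sha256_hex(client_secret)):
        return None  # client credentials missing or wrong
    row = db.execute("SELECT ID, USER_ID FROM REFRESH_TOKEN"
                     " WHERE TOKEN_HASH = ? AND CLIENT_ID = ?",
                     (sha256_hex(token), client_id)).fetchone()
    if row is None:
        return None  # unknown token, or token issued to a different client
    db.execute("UPDATE REFRESH_TOKEN SET LAST_USED = ? WHERE ID = ?", (now(), row[0]))
    return row[1]
```

A stolen refresh token is rejected without the matching client secret, and a copy of the table yields only hashes, not usable tokens.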
...