Replay protection store for DPoP proofs. Tracks used jti values to prevent replay.

| Name | Type | Default | Nullable | Children | Parents | Comment |
|---|---|---|---|---|---|---|
| client_id | text | | true | | | Optional client that presented this proof. |
| htm | text | | true | | | HTTP method asserted in the proof (htm). |
| htu | text | | true | | | HTTP URI asserted in the proof (htu). |
| iat | timestamp with time zone | | true | | | Issued-at timestamp from the proof (for freshness checks). |
| jkt | text | | true | | | Thumbprint (RFC 7638) of the public key used in the DPoP proof. |
| jti_hash | bytea | | false | | | SHA-256 hash of the DPoP proof’s jti claim (fixed-length key, avoids raw jti storage). |
| seen_at | timestamp with time zone | now() | false | | | When this DPoP proof was first observed. |

| Name | Type | Definition |
|---|---|---|
| oauth_dpop_proofs_jti_hash_not_null | n | NOT NULL jti_hash |
| oauth_dpop_proofs_pkey | PRIMARY KEY | PRIMARY KEY (jti_hash) |
| oauth_dpop_proofs_seen_at_not_null | n | NOT NULL seen_at |

| Name | Definition | Comment |
|---|---|---|
| idx_oauth_dpop_seen_at | CREATE INDEX idx_oauth_dpop_seen_at ON public.oauth_dpop_proofs USING btree (seen_at) | Speeds TTL-style cleanup and time-ordered scans for DPoP replay entries. |
| oauth_dpop_proofs_pkey | CREATE UNIQUE INDEX oauth_dpop_proofs_pkey ON public.oauth_dpop_proofs USING btree (jti_hash) | |

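
How the primary key on jti_hash and the seen_at index are meant to be used together, as an added example that is not part of the generated schema documentation or the project's own code. It assumes PostgreSQL 11 or later, that the jti is hashed as UTF-8 bytes, and a 10-minute retention window; every inserted value is a constructed sample.

```sql
-- Table rebuilt from the column, constraint and index listings on this page
-- so the example runs in a scratch database (sha256() needs PostgreSQL 11+).
CREATE TABLE IF NOT EXISTS public.oauth_dpop_proofs (
    client_id text,
    htm       text,
    htu       text,
    iat       timestamptz,
    jkt       text,
    jti_hash  bytea       NOT NULL PRIMARY KEY,
    seen_at   timestamptz NOT NULL DEFAULT now()
);
CREATE INDEX IF NOT EXISTS idx_oauth_dpop_seen_at
    ON public.oauth_dpop_proofs USING btree (seen_at);

-- 1. Record a proof once its signature, htm, htu and iat have been validated.
--    The unique key on jti_hash makes "check and insert" a single atomic
--    statement, so two concurrent requests carrying the same jti cannot
--    both be accepted (a SELECT followed by an INSERT would race).
INSERT INTO public.oauth_dpop_proofs (jti_hash, jkt, htm, htu, iat, client_id)
VALUES (
    sha256(convert_to('constructed-jti-0001', 'UTF8')),  -- constructed jti
    'constructed-jkt-thumbprint',                        -- constructed value
    'POST',
    'https://as.example.com/token',                      -- constructed URI
    now(),
    'constructed-client'                                 -- constructed value
)
ON CONFLICT (jti_hash) DO NOTHING
RETURNING seen_at;
-- One row returned: first use of this jti, continue with the request.
-- Zero rows returned: the jti was already recorded, reject as a replay.
-- Running the statement above a second time takes the zero-row path.

-- 2. TTL-style cleanup served by idx_oauth_dpop_seen_at.
--    The 10-minute window is an assumption. It must be at least as long as
--    the iat acceptance window plus the allowed clock skew; otherwise a row
--    can be deleted while its proof would still pass the freshness check,
--    and that proof could then be replayed.
DELETE FROM public.oauth_dpop_proofs
WHERE seen_at < now() - interval '10 minutes';
```
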
Generated by tbls