-- ============================================================================
-- Auth Database Schema (auth.db)
-- ============================================================================
-- Separate from medical data. Contains volatile OAuth/session data.
-- Tables are NOT auto-created. Use this file manually if needed.
-- ============================================================================

-- OAuth Clients (Claude, Flutter app, etc.)
CREATE TABLE IF NOT EXISTS oauth_clients (
    client_id TEXT PRIMARY KEY,
    client_secret TEXT NOT NULL,
    name TEXT NOT NULL,
    redirect_uris TEXT NOT NULL,  -- JSON array
    created_at INTEGER NOT NULL
);

-- OAuth Authorization Codes (short-lived, single-use)
CREATE TABLE IF NOT EXISTS oauth_codes (
    code TEXT PRIMARY KEY,
    client_id TEXT NOT NULL,
    dossier_id TEXT NOT NULL,
    redirect_uri TEXT NOT NULL,
    code_challenge TEXT,
    code_challenge_method TEXT,
    expires_at INTEGER NOT NULL,
    used INTEGER DEFAULT 0
);

CREATE INDEX IF NOT EXISTS idx_oauth_codes_client ON oauth_codes(client_id);

-- OAuth Refresh Tokens (long-lived, rotatable)
CREATE TABLE IF NOT EXISTS oauth_refresh_tokens (
    token_id TEXT PRIMARY KEY,
    client_id TEXT NOT NULL,
    dossier_id TEXT NOT NULL,
    expires_at INTEGER NOT NULL,
    revoked INTEGER DEFAULT 0,
    created_at INTEGER NOT NULL
);

CREATE INDEX IF NOT EXISTS idx_oauth_refresh_dossier ON oauth_refresh_tokens(dossier_id);
CREATE INDEX IF NOT EXISTS idx_oauth_refresh_client ON oauth_refresh_tokens(client_id);