feat: delete OAuth refresh token on RP initiated logout (#1480)

backend/resources/migrations/sqlite/20260418120000_oidc_amr_claim.down.sql

@@ -1,3 +1,10 @@
+PRAGMA foreign_keys= OFF;
+BEGIN;
+
 ALTER TABLE oidc_authorization_codes DROP COLUMN authentication_method;
 ALTER TABLE oidc_refresh_tokens DROP COLUMN authentication_method;
 ALTER TABLE oidc_device_codes DROP COLUMN authentication_method;
+
+COMMIT;
+PRAGMA foreign_keys= ON;
+

backend/resources/migrations/sqlite/20260418120000_oidc_amr_claim.up.sql

@@ -1,6 +1,12 @@
+PRAGMA foreign_keys= OFF;
+BEGIN;
+
 ALTER TABLE oidc_authorization_codes
     ADD COLUMN authentication_method TEXT NOT NULL DEFAULT '';
 ALTER TABLE oidc_refresh_tokens
     ADD COLUMN authentication_method TEXT NOT NULL DEFAULT '';
 ALTER TABLE oidc_device_codes
     ADD COLUMN authentication_method TEXT NOT NULL DEFAULT '';
+
+COMMIT;
+PRAGMA foreign_keys= ON;

backend/resources/migrations/sqlite/20260518222000_oidc_refresh_token_id_token_jti.down.sql

@@ -0,0 +1,10 @@
+PRAGMA foreign_keys= OFF;
+BEGIN;
+
+DROP INDEX IF EXISTS idx_oidc_refresh_tokens_id_token_jti;
+
+ALTER TABLE oidc_refresh_tokens
+    DROP COLUMN id_token_jti;
+
+COMMIT;
+PRAGMA foreign_keys= ON;

backend/resources/migrations/sqlite/20260518222000_oidc_refresh_token_id_token_jti.up.sql

@@ -0,0 +1,11 @@
+PRAGMA foreign_keys= OFF;
+BEGIN;
+
+ALTER TABLE oidc_refresh_tokens
+    ADD COLUMN id_token_jti TEXT;
+
+CREATE INDEX idx_oidc_refresh_tokens_id_token_jti
+    ON oidc_refresh_tokens(user_id, client_id, id_token_jti);
+
+COMMIT;
+PRAGMA foreign_keys= ON;