-- Security module: OAuth2 token cache for the thin BC gateway -- (used only when the BC connection runs in OAuth2 auth mode). -- Tokens are stored encrypted and tenant-scoped. CREATE TABLE IF NOT EXISTS `security_oauth_token_cache` ( `id` INT UNSIGNED NOT NULL AUTO_INCREMENT, `tenant_id` INT UNSIGNED NOT NULL, `access_token_encrypted` TEXT NOT NULL, `expires_at` DATETIME NOT NULL, `created_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, PRIMARY KEY (`id`), INDEX `idx_security_oauth_tenant` (`tenant_id`), INDEX `idx_security_oauth_expires` (`expires_at`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;