# 0005. Phase 1 Database Schema

Date: 2024-11-20

## Status
Accepted

## Context
Phase 1 requires database storage for authorization codes and domain verification. We need to determine which tables to create initially while avoiding over-engineering for future needs.

## Decision
Phase 1 will create exactly three tables:

1. **`authorization_codes`** - Temporary storage for OAuth authorization codes
   - Required by IndieAuth authorization flow
   - Short-lived (10 minutes expiry)
   - Contains: code, client_id, redirect_uri, state, code_challenge, code_challenge_method, scope, created_at

2. **`domains`** - Verified domain ownership records
   - Required for domain verification flow
   - Stores verification codes and status
   - Contains: domain, email, verification_code, verified, created_at, verified_at

3. **`migrations`** - Schema version tracking
   - Simple migration tracking
   - Contains: version, applied_at, description

We will NOT create in Phase 1:
- Audit/logging tables (use structured logging to files instead)
- Token storage table (tokens are handled in Phase 2)
- Client registration table (Phase 3 feature)

## Consequences
### Positive
- Minimal schema focused on immediate Phase 1 needs
- Easy to understand and test
- Fast database operations with minimal tables
- Can add tables in later phases as features require them

### Negative
- No audit trail in database (rely on application logs)
- Will need migration for Phase 2 token storage