CREATE SCHEMA IF NOT EXISTS auth;

CREATE TABLE IF NOT EXISTS auth.sso_providers (
    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    resource_id TEXT, -- e.g. project_ref or tenant_id
    domain TEXT UNIQUE NOT NULL, -- e.g. "acme.com"
    oidc_issuer_url TEXT NOT NULL,
    oidc_client_id TEXT NOT NULL,
    oidc_client_secret TEXT NOT NULL,
    created_at TIMESTAMPTZ DEFAULT now(),
    updated_at TIMESTAMPTZ DEFAULT now()
);

CREATE INDEX IF NOT EXISTS idx_sso_providers_domain ON auth.sso_providers(domain);