From fd7224fa4617f548320c4f923ba2d6d6e81c9243 Mon Sep 17 00:00:00 2001 From: Jacob Champion Date: Mon, 17 Feb 2025 14:42:42 -0800 Subject: [PATCH v52 2/3] fixup! Add support for OAUTHBEARER SASL mechanism --- src/interfaces/libpq/fe-auth-oauth.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/interfaces/libpq/fe-auth-oauth.c b/src/interfaces/libpq/fe-auth-oauth.c index 24448c3e209..fb1e9a1a8aa 100644 --- a/src/interfaces/libpq/fe-auth-oauth.c +++ b/src/interfaces/libpq/fe-auth-oauth.c @@ -815,13 +815,23 @@ fail: } /* - * Fill in our issuer identifier and discovery URI, if possible, using the + * Fill in our issuer identifier (and discovery URI, if possible) using the * connection parameters. If conn->oauth_discovery_uri can't be populated in * this function, it will be requested from the server. */ static bool setup_oauth_parameters(PGconn *conn) { + /* + * This is the only function that sets conn->oauth_issuer_id. If a + * previous connection attempt has already computed it, don't overwrite it + * or the discovery URI. (There's no reason for them to change once + * they're set, and handle_oauth_sasl_error() will fail the connection if + * the server attempts to switch them on us later.) + */ + if (conn->oauth_issuer_id) + return true; + /*--- * To talk to a server, we require the user to provide issuer and client * identifiers. -- 2.34.1