oauth: Classify oauth_client_secret as a password

Jacob Champion <jchampion@postgresql.org>

Commit: e974f1c2164bc677d55f98edaf99f80c0b6b89d9
Author: Jacob Champion <jchampion@postgresql.org>
Date: 2025-04-29T20:08:55Z
Releases: 18.0
oauth: Classify oauth_client_secret as a password

Tell UIs to hide the value of oauth_client_secret, like the other
passwords. Due to the previous commit, this does not affect postgres_fdw
and dblink, but add a comment to try to warn others of the hazard in the
future.

Reported-by: Noah Misch <noah@leadboat.com>
Reviewed-by: Noah Misch <noah@leadboat.com>
Discussion: https://postgr.es/m/20250415191435.55.nmisch%40google.com

Files

PathChange+/−
src/interfaces/libpq/fe-connect.c modified +7 −1

Discussion