Re: Improve OAuth discovery logging
x4mmm@yandex-team.ru
From: Andrey Borodin <x4mmm@yandex-team.ru>
To: Zsolt Parragi <zsolt.parragi@percona.com>
Cc: Jacob Champion <jacob.champion@enterprisedb.com>,
Chao Li <li.evan.chao@gmail.com>,
Daniel Gustafsson <daniel@yesql.se>,
PostgreSQL Hackers <pgsql-hackers@postgresql.org>,
Michael Paquier <michael@paquier.xyz>
Date: 2026-02-26T05:51:16Z
Lists: pgsql-hackers
This looks like nice patch addressing real issue in log analyzing.
Basic idea seems correct to me WRT OAuth, but I'm not a real expert in auth.
> On 25 Feb 2026, at 18:14, Zsolt Parragi <zsolt.parragi@percona.com> wrote:
>
> It can't, because the if is based on ctx->state. If I move it to
> before the if, I have to save the previous value, which just makes the
> code longer.
Well, you can do something in a line with
bool was_discovery = (ctx->state == OAUTH_STATE_ERROR_DISCOVERY);
ctx->state = OAUTH_STATE_FINISHED;
if (was_discovery)
{
}
But it's a matter of taste. Your code is correct anyway.
We can tweak comments a bit in sasl.h:
/*---------
* exchange()
*
* Produces a server challenge to be sent to the client. The callback
* must return one of the PG_SASL_EXCHANGE_* values, depending on
* whether the exchange continues, has finished successfully, or has
* failed. <---- , or was abandoned by the client.
* a successful outcome). The callback should set this to
* NULL if the exchange is over and no output should be sent,
* which should correspond to either PG_SASL_EXCHANGE_FAILURE
* or a PG_SASL_EXCHANGE_SUCCESS with no outcome data. <----- or ABANDONED
* failure message.) Ignored if the exchange is completed
* with PG_SASL_EXCHANGE_SUCCESS. <------ or ABANDONED
That's all what I could grep.
And thanks for your review in my thread!
Best regards, Andrey Borodin.
Commits
-
oauth: Don't log discovery connections by default
- e020a897efea 19 (unreleased) landed
-
sasl: Allow backend mechanisms to "abandon" exchanges
- c4ff16339f07 19 (unreleased) landed
-
Add FATAL_CLIENT_ONLY to ereport/elog
- c2bca7cc9621 19 (unreleased) landed
-
oauth_validator: Avoid races in log_check()
- ab8af1db4303 19 (unreleased) cited