Re: [oauth] Stabilize the libpq-oauth ABI (and allow alternative implementations?)
Zsolt Parragi <zsolt.parragi@percona.com>
From: Zsolt Parragi <zsolt.parragi@percona.com>
To: Jacob Champion <jacob.champion@enterprisedb.com>
Cc: PostgreSQL Hackers <pgsql-hackers@postgresql.org>,
Chao Li <li.evan.chao@gmail.com>
Date: 2026-03-06T22:44:43Z
Lists: pgsql-hackers
For the first commits I only have a few more questions/comments about the error messages, otherwise looks good. > > + libpq_append_conn_error(conn, "failed to lock mutex (%d)", lockerr); > > + return 0; > > + } > > Shouldn't this path return -1, > > We could. I chose zero to try to retain the PG18 behavior, but I could > expand this error message and set request->error instead. If that'd be > less confusing to you as a reader, it's probably worth the change. If this returns 0, we print out failed to lock mutex no OAuth flows are available (try installing the libpq-oauth package) Which isn't ideal, as the library is there, so installing the package wouldn't help. + if ((start_flow = dlsym(state->flow_module, "pg_start_oauthbearer")) == NULL) And this path has the same issue, the library is there, so suggesting to install libpq-oauth isn't helpful. The more detailed message is only printed out with unsafe debugging, without that it just returns 0. + appendPQExpBuffer(&conn->errorMessage, + "use_builtin_flow: failed to lock mutex (%d)\n", + lockerr); This is after an assert, so maybe it is okay as is, but this bypasses gettext. (or shouldn't it use "internal error:" similarly to the other untranslated error message? and another 2 internal errors are translated) > (try installing the libpq-oauth package) This isn't changed in these patches, but Is it okay to assume a package name here? This is not a package that universally exists everywhere, we can't even be sure that pg was installed with a package manager. On RHEL it is called postgresql18-libs-oauth, on suse it's part of the main libpq package. In both cases if for some internal error it can't find/load the library, we suggest installing a package that doesn't exist on that system.
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
libpq: Allow developers to reimplement libpq-oauth
- 09532b4040ed 19 (unreleased) landed
-
libpq: Poison the v2 part of a v1 Bearer request
- 0af4d402cb90 19 (unreleased) landed
-
libpq-oauth: Never link against libpq's encoding functions
- dba35604485f 19 (unreleased) landed
-
libpq-oauth: Use the PGoauthBearerRequestV2 API
- 6225403f2783 19 (unreleased) landed
-
libpq: Introduce PQAUTHDATA_OAUTH_BEARER_TOKEN_V2
- e982331b5208 19 (unreleased) landed
-
libpq: Add PQgetThreadLock() to mirror PQregisterThreadLock()
- b8d76858353e 19 (unreleased) landed
-
oauth: Report cleanup errors as warnings on stderr
- f8c0b91a6063 19 (unreleased) landed
-
oauth_validator: Avoid races in log_check()
- c3df85756ceb 18.2 landed
- ab8af1db4303 19 (unreleased) landed
-
libpq-oauth: use correct c_args in meson.build
- 023a3c786b81 18.2 landed
- 781ca72139d6 19 (unreleased) landed
-
libpq-fe.h: Don't claim SOCKTYPE in the global namespace
- cc824482a3c0 18.2 landed
- 8b217c96ea2d 19 (unreleased) landed