Re: Custom oauth validator options
Zsolt Parragi <zsolt.parragi@percona.com>
From: Zsolt Parragi <zsolt.parragi@percona.com>
To: Jacob Champion <jacob.champion@enterprisedb.com>
Cc: VASUKI M <vasukianand0119@gmail.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>,
david.g.johnston@gmail.com, Robert Haas <robertmhaas@gmail.com>, myon@debian.org
Date: 2026-01-14T18:20:05Z
Lists: pgsql-hackers
Attachments
- v2-0001-Introduce-PGC_HBA-GUC-variables-settable-in-pg_hba.c.patch (application/octet-stream) patch v2-0001
> Well, how do you want "global" GUCs registered by the validator to > behave when OAuth isn't used for the connection? My assumption was that with session_preload we only validate the line used for the current login, not all the lines. This way we don't have to always include all validator/hba plugins in session_preload, for every login. This is what I implemented for now, but if you think it would be better to validate every line, I can adjust that. > Of those choices, this _seems_ nicest. It'd be good to get a feel for > how it behaves in practice though. See the attached v2, with the above comment. Other than the above question (validate everything vs the current line), I'm also not entirely sure if we do need PGC_HBA. It could also work with PGC_SIGHUP + the new PGC_S_HBA value in GucSources.
Commits
-
oauth: Allow validators to register custom HBA options
- b977bd308a09 19 (unreleased) landed
-
Make LOAD of an already-loaded library into a no-op, instead of attempting
- 602a9ef5a7c6 9.0.0 cited