Re: Improve OAuth discovery logging

Jacob Champion <jacob.champion@enterprisedb.com>

From: Jacob Champion <jacob.champion@enterprisedb.com>
To: Michael Paquier <michael@paquier.xyz>
Cc: Chao Li <li.evan.chao@gmail.com>, Andrey Borodin <x4mmm@yandex-team.ru>, Zsolt Parragi <zsolt.parragi@percona.com>, Daniel Gustafsson <daniel@yesql.se>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>, Tom Lane <tgl@sss.pgh.pa.us>
Date: 2026-03-31T18:51:41Z
Lists: pgsql-hackers
On Fri, Mar 20, 2026 at 11:14 AM Jacob Champion
<jacob.champion@enterprisedb.com> wrote:
> I'm not in a rush to get this patch pushed, and I want to give Michael
> ample time to weigh in. (Personally, I don't think anyone is likely to
> argue against the behavior change here, only against how it's being
> done. We have alternative implementations available if there are
> strong opinions late in the cycle. So I feel pretty confident we can
> land a fix for 19.)

Pushed (but post-commit review is very welcome :D).

--Jacob



Commits

  1. oauth: Don't log discovery connections by default

  2. sasl: Allow backend mechanisms to "abandon" exchanges

  3. Add FATAL_CLIENT_ONLY to ereport/elog

  4. oauth_validator: Avoid races in log_check()