Re: [oauth] Stabilize the libpq-oauth ABI (and allow alternative implementations?)
Jacob Champion <jacob.champion@enterprisedb.com>
From: Jacob Champion <jacob.champion@enterprisedb.com>
To: Zsolt Parragi <zsolt.parragi@percona.com>
Cc: PostgreSQL Hackers <pgsql-hackers@postgresql.org>,
Chao Li <li.evan.chao@gmail.com>
Date: 2026-03-07T00:27:12Z
Lists: pgsql-hackers
On Fri, Mar 6, 2026 at 2:44 PM Zsolt Parragi <zsolt.parragi@percona.com> wrote: > + if ((start_flow = dlsym(state->flow_module, "pg_start_oauthbearer")) == NULL) > > And this path has the same issue, the library is there, so suggesting > to install libpq-oauth isn't helpful. I'll cherry-pick some of the -1 handling backwards in the patchset to handle this. > + appendPQExpBuffer(&conn->errorMessage, > + "use_builtin_flow: failed to lock mutex (%d)\n", > + lockerr); > > This is after an assert, so maybe it is okay as is, but this bypasses > gettext. Correct. For PG18, I got the feedback that can't-happen errors in OAuth should really remain untranslated, unless it's clear that the user can act on them. Otherwise we're consuming translators' time for no practical benefit. > > (try installing the libpq-oauth package) > > This isn't changed in these patches, but Is it okay to assume a > package name here? No, not really, but see [1]. Any "vanilla" version of that error message will contain the string "libpq-oauth" regardless; that's the module's name. So package maintainers need to either patch the line if it's not useful, or else let us know how they'd prefer to override this -- Makefile? Configure? (Meson?) -- to improve the situation. Christoph gave the most feedback here, so Debian has the most-greased wheel at the moment. :D Thanks, --Jacob [1] https://postgr.es/m/aAOREVWMFTuWvJ1l%40msg.df7cb.de
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
libpq: Allow developers to reimplement libpq-oauth
- 09532b4040ed 19 (unreleased) landed
-
libpq: Poison the v2 part of a v1 Bearer request
- 0af4d402cb90 19 (unreleased) landed
-
libpq-oauth: Never link against libpq's encoding functions
- dba35604485f 19 (unreleased) landed
-
libpq-oauth: Use the PGoauthBearerRequestV2 API
- 6225403f2783 19 (unreleased) landed
-
libpq: Introduce PQAUTHDATA_OAUTH_BEARER_TOKEN_V2
- e982331b5208 19 (unreleased) landed
-
libpq: Add PQgetThreadLock() to mirror PQregisterThreadLock()
- b8d76858353e 19 (unreleased) landed
-
oauth: Report cleanup errors as warnings on stderr
- f8c0b91a6063 19 (unreleased) landed
-
oauth_validator: Avoid races in log_check()
- c3df85756ceb 18.2 landed
- ab8af1db4303 19 (unreleased) landed
-
libpq-oauth: use correct c_args in meson.build
- 023a3c786b81 18.2 landed
- 781ca72139d6 19 (unreleased) landed
-
libpq-fe.h: Don't claim SOCKTYPE in the global namespace
- cc824482a3c0 18.2 landed
- 8b217c96ea2d 19 (unreleased) landed