Re: Custom oauth validator options
Jacob Champion <jacob.champion@enterprisedb.com>
From: Jacob Champion <jacob.champion@enterprisedb.com>
To: Zsolt Parragi <zsolt.parragi@percona.com>
Cc: VASUKI M <vasukianand0119@gmail.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>,
david.g.johnston@gmail.com, Robert Haas <robertmhaas@gmail.com>, myon@debian.org
Date: 2026-01-27T17:40:32Z
Lists: pgsql-hackers
On Mon, Jan 26, 2026 at 1:51 AM Zsolt Parragi <zsolt.parragi@percona.com> wrote: > The choosing authentication method part would already > be useful with OAuth, and now Joel also started a thread about fido2, > which also brings the question of MFA. Or just the ability to offer a choice between two authentication methods for a single user, yeah. > pg_hba has the same issue, even if it has custom key=value data > already. What I meant is similarly how we could turn currently hard > coded pg_hba settings into GUC variables, the same is doable with > pg_hosts, either at a separate level or integrating it into the HBA > context. And later either both should get a new line style and > deprecate the old one, or maybe these settings should be configured > completely differently. Sure; at this point I think we're violently agreeing. If we suspect the configuration UX needs to be refactored, that's not going to be a decision made unilaterally in this thread, which is why I said I was worried about the scope creep. --Jacob
Commits
-
oauth: Allow validators to register custom HBA options
- b977bd308a09 19 (unreleased) landed
-
Make LOAD of an already-loaded library into a no-op, instead of attempting
- 602a9ef5a7c6 9.0.0 cited