Re: [oauth] Stabilize the libpq-oauth ABI (and allow alternative implementations?)
Jacob Champion <jacob.champion@enterprisedb.com>
From: Jacob Champion <jacob.champion@enterprisedb.com>
To: Zsolt Parragi <zsolt.parragi@percona.com>
Cc: PostgreSQL Hackers <pgsql-hackers@postgresql.org>,
Chao Li <li.evan.chao@gmail.com>
Date: 2026-03-03T22:08:21Z
Lists: pgsql-hackers
Attachments
- since-v4.diff.txt (text/plain)
- v5-0001-oauth-Report-cleanup-errors-as-warnings-on-stderr.patch (application/octet-stream) patch v5-0001
- v5-0002-libpq-Add-PQgetThreadLock-to-mirror-PQregisterThr.patch (application/octet-stream) patch v5-0002
- v5-0003-libpq-Introduce-PQAUTHDATA_OAUTH_BEARER_TOKEN_V2.patch (application/octet-stream) patch v5-0003
- v5-0004-libpq-oauth-Use-the-PGoauthBearerRequestV2-API.patch (application/octet-stream) patch v5-0004
- v5-0005-libpq-oauth-Never-link-against-libpq-s-encoding-f.patch (application/octet-stream) patch v5-0005
- v5-0006-WIP-test-out-poisoning.patch (application/octet-stream) patch v5-0006
- v5-0007-WIP-Introduce-third-party-OAuth-flow-plugins.patch (application/octet-stream) patch v5-0007
On Fri, Feb 27, 2026 at 11:42 AM Jacob Champion <jacob.champion@enterprisedb.com> wrote: > 0001 should be ready to go. I meant to put 0002 up in its own thread > at the beginning of the week but got sidetracked, so I'll go do that > now. Done at [1]. v5 incorporates that version of the patch in -0002 and makes some minor test updates for better coverage in -0003. > 0003 has to wait on Valgrind, and 0004-5 have to wait on 0002. v5-0006 is my experiment in Valgrind (and also AddressSanitizer, and also generic pointer poisoning). I think it's interesting, and it seems clean enough for some subset to be committable for 19. The weak-symbol support for ASan is the most suspect; I have no idea if it links correctly across all platforms. It's probably better for me to propose generic ASan support in utils/memdebug.h at some point in the future, and drop it from this patch. I don't plan to block the other patches on -0006, since -0004 is blocking PGOAUTHCAFILE. --Jacob [1] https://postgr.es/m/CAOYmi%2B%3DMHD%2BWKD4rsTn0v8220mYfyLGhEc5EfhmtqrAb7SmC5g%40mail.gmail.com
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
libpq: Allow developers to reimplement libpq-oauth
- 09532b4040ed 19 (unreleased) landed
-
libpq: Poison the v2 part of a v1 Bearer request
- 0af4d402cb90 19 (unreleased) landed
-
libpq-oauth: Never link against libpq's encoding functions
- dba35604485f 19 (unreleased) landed
-
libpq-oauth: Use the PGoauthBearerRequestV2 API
- 6225403f2783 19 (unreleased) landed
-
libpq: Introduce PQAUTHDATA_OAUTH_BEARER_TOKEN_V2
- e982331b5208 19 (unreleased) landed
-
libpq: Add PQgetThreadLock() to mirror PQregisterThreadLock()
- b8d76858353e 19 (unreleased) landed
-
oauth: Report cleanup errors as warnings on stderr
- f8c0b91a6063 19 (unreleased) landed
-
oauth_validator: Avoid races in log_check()
- c3df85756ceb 18.2 landed
- ab8af1db4303 19 (unreleased) landed
-
libpq-oauth: use correct c_args in meson.build
- 023a3c786b81 18.2 landed
- 781ca72139d6 19 (unreleased) landed
-
libpq-fe.h: Don't claim SOCKTYPE in the global namespace
- cc824482a3c0 18.2 landed
- 8b217c96ea2d 19 (unreleased) landed