Re: [oauth] Stabilize the libpq-oauth ABI (and allow alternative implementations?)
Jacob Champion <jacob.champion@enterprisedb.com>
From: Jacob Champion <jacob.champion@enterprisedb.com>
To: Zsolt Parragi <zsolt.parragi@percona.com>
Cc: PostgreSQL Hackers <pgsql-hackers@postgresql.org>,
Chao Li <li.evan.chao@gmail.com>
Date: 2026-03-06T00:57:13Z
Lists: pgsql-hackers
Attachments
- since-v5.diff.txt (text/plain)
- v6-0001-libpq-Introduce-PQAUTHDATA_OAUTH_BEARER_TOKEN_V2.patch (application/octet-stream) patch v6-0001
- v6-0002-libpq-oauth-Use-the-PGoauthBearerRequestV2-API.patch (application/octet-stream) patch v6-0002
- v6-0003-libpq-oauth-Never-link-against-libpq-s-encoding-f.patch (application/octet-stream) patch v6-0003
- v6-0004-WIP-test-out-poisoning.patch (application/octet-stream) patch v6-0004
- v6-0005-WIP-Introduce-third-party-OAuth-flow-plugins.patch (application/octet-stream) patch v6-0005
On Tue, Mar 3, 2026 at 2:08 PM Jacob Champion <jacob.champion@enterprisedb.com> wrote: > I don't plan to block the other patches on -0006, since -0004 is > blocking PGOAUTHCAFILE. v5-0001 and -0002 are now committed. Attached is a v6 rebase with some minor self-review fixups and the removal of ASan from the poisoning experiment. v6-0001 through -0003 are targeted for commit next. I'll leave -0004 for later; I plan to ask for some committer review, since it's pretty unusual code for libpq, but it needs a real commit message and some better docs first. As for -0005: I think I'll cherry-pick only the ability for the libpq_oauth_init entry to be optional, marking any flows that don't provide it as user-defined, to make it possible for v19 developers to help us iterate on v20 if they want. Thanks, --Jacob
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
libpq: Allow developers to reimplement libpq-oauth
- 09532b4040ed 19 (unreleased) landed
-
libpq: Poison the v2 part of a v1 Bearer request
- 0af4d402cb90 19 (unreleased) landed
-
libpq-oauth: Never link against libpq's encoding functions
- dba35604485f 19 (unreleased) landed
-
libpq-oauth: Use the PGoauthBearerRequestV2 API
- 6225403f2783 19 (unreleased) landed
-
libpq: Introduce PQAUTHDATA_OAUTH_BEARER_TOKEN_V2
- e982331b5208 19 (unreleased) landed
-
libpq: Add PQgetThreadLock() to mirror PQregisterThreadLock()
- b8d76858353e 19 (unreleased) landed
-
oauth: Report cleanup errors as warnings on stderr
- f8c0b91a6063 19 (unreleased) landed
-
oauth_validator: Avoid races in log_check()
- c3df85756ceb 18.2 landed
- ab8af1db4303 19 (unreleased) landed
-
libpq-oauth: use correct c_args in meson.build
- 023a3c786b81 18.2 landed
- 781ca72139d6 19 (unreleased) landed
-
libpq-fe.h: Don't claim SOCKTYPE in the global namespace
- cc824482a3c0 18.2 landed
- 8b217c96ea2d 19 (unreleased) landed