Thread
-
Re: Custom oauth validator options
Jacob Champion <jacob.champion@enterprisedb.com> — 2025-12-17T18:27:44Z
On Tue, Dec 16, 2025 at 10:30 PM VASUKI M <vasukianand0119@gmail.com> wrote: > Overall, +1 that this limitation is real and worth discussing.I’ll plan to send a patch shortly exploring option (b). Thanks! > Reg very long HBA lines: totally agree this is a real readability issue,but allowing per-line includes or external file feels like a seperate(and much bigger)topic,probably best tackled independently. I forgot to mention in my reply to Zsolt, but we've supported inline inclusions in HBA for a few releases now. (I just frequently forget they exist.) pg_hba.conf: hostssl all all 0.0.0.0/0 oauth @oauth-settings.conf oauth-settings.conf: issuer=https://oauth.example.org/v2 scope="openid email let-me-into-pg" validator=example_org map=examplemap And for smaller annoyances, you can wrap lines with backslash continuation. I haven't used these new features much, since I forget they exist, so if there are usability problems in practice please say something so we can fix it. --Jacob