Thread

  1. Re: Custom oauth validator options

    Jacob Champion <jacob.champion@enterprisedb.com> — 2025-12-17T18:27:44Z

    On Tue, Dec 16, 2025 at 10:30 PM VASUKI M <vasukianand0119@gmail.com> wrote:
    > Overall, +1 that this limitation is real and worth discussing. I’ll plan to send a patch shortly exploring option (b).
    
    Thanks!
    
    > Reg very long HBA lines: totally agree this is a real readability issue, but allowing per-line includes or external file feels like a separate (and much bigger) topic, probably best tackled independently.
    
    I forgot to mention in my reply to Zsolt, but we've supported inline
    inclusions in HBA for a few releases now. (I just frequently forget
    they exist.)
    
    pg_hba.conf:
    
        hostssl  all  all  0.0.0.0/0  oauth  @oauth-settings.conf
    
    oauth-settings.conf:
    
        issuer=https://oauth.example.org/v2
        scope="openid email let-me-into-pg"
        validator=example_org
        map=examplemap
    
    And for smaller annoyances, you can wrap lines with backslash continuation.
    
    I haven't used these new features much, since I forget they exist, so
    if there are usability problems in practice please say something so we
    can fix it.
    
    --Jacob
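
An added example (not part of the message above and not PostgreSQL code): a simplified Python reader that resolves the two layouts mentioned in the message, the `@oauth-settings.conf` inclusion and a backslash-wrapped record, to their effective oauth options so a reviewer can confirm they match. The tokenizer only approximates PostgreSQL's (no comma-separated lists, no quoted `@`), and the file names `hba_include.conf` and `hba_wrapped.conf` are constructed.

```python
import os, shlex, tempfile

def tokenize(line):
    # Simplified tokenizer: whitespace-separated, double quotes group, '#' comments.
    lex = shlex.shlex(line, posix=True)
    lex.whitespace_split = True
    lex.quotes, lex.escape, lex.commenters = '"', '', '#'
    return list(lex)

def effective_records(path):
    """Token list per record, continuations joined and @file tokens expanded."""
    base = os.path.dirname(path)
    with open(path) as f:
        text = f.read().replace("\\\n", "")  # backslash continuation
    records = []
    for line in text.splitlines():
        tokens = []
        for tok in tokenize(line):
            if tok.startswith("@") and len(tok) > 1:  # inline inclusion
                for rec in effective_records(os.path.join(base, tok[1:])):
                    tokens.extend(rec)
            else:
                tokens.append(tok)
        if tokens:
            records.append(tokens)
    return records

def oauth_options(path):
    """Options of every record using the oauth method (assumes no other field is 'oauth')."""
    found = []
    for rec in effective_records(path):
        if "oauth" in rec:
            opts = rec[rec.index("oauth") + 1:]
            found.append(dict(o.split("=", 1) for o in opts if "=" in o))
    return found

def demo():
    # Constructed sample files mirroring the settings shown in the message.
    settings = ('issuer=https://oauth.example.org/v2\nscope="openid email let-me-into-pg"\n'
                'validator=example_org\nmap=examplemap\n')
    head = "hostssl  all  all  0.0.0.0/0  oauth  "
    files = {"oauth-settings.conf": settings,
             "hba_include.conf": head + "@oauth-settings.conf\n",
             "hba_wrapped.conf": head + settings.strip().replace("\n", " \\\n    ") + "\n"}
    d = tempfile.mkdtemp()
    for name, body in files.items():
        with open(os.path.join(d, name), "w") as f:
            f.write(body)
    return tuple(oauth_options(os.path.join(d, n)) for n in ("hba_include.conf", "hba_wrapped.conf"))

if __name__ == "__main__":
    print(demo())
```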