Re: Improve OAuth discovery logging

Jacob Champion <jacob.champion@enterprisedb.com>

From: Jacob Champion <jacob.champion@enterprisedb.com>
To: Chao Li <li.evan.chao@gmail.com>
Cc: Zsolt Parragi <zsolt.parragi@percona.com>, Andrey Borodin <x4mmm@yandex-team.ru>, Daniel Gustafsson <daniel@yesql.se>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>, Michael Paquier <michael@paquier.xyz>, Tom Lane <tgl@sss.pgh.pa.us>
Date: 2026-03-17T15:38:01Z
Lists: pgsql-hackers
On Mon, Mar 16, 2026 at 11:19 PM Chao Li <li.evan.chao@gmail.com> wrote:
> Do you mean that we do the same as WARNING_CLIENT_ONLY in this patch, and use a separate patch to fix them together?

I'm not sure I want to fix it at all; it keeps the code coherent even
if someone later decides they really want to override the CLIENT_ONLY
directive for some reason.

On the WARNING_CLIENT_ONLY thread [1], Andres said

> I don't think it needs to be done right now, but I again want to suggest
> it'd be nice if we split log levels into a bitmask. If we bits, separate
> from the log level, for do-not-log-to-client and do-not-log-to-server
> some of this code would imo look nicer.

and I think I agree that would be a good way for future improvement.

--Jacob

[1] https://postgr.es/m/20201228191428.p5bhcvd4ixsuyifd%40alap3.anarazel.de



Commits

  1. oauth: Don't log discovery connections by default

  2. sasl: Allow backend mechanisms to "abandon" exchanges

  3. Add FATAL_CLIENT_ONLY to ereport/elog

  4. oauth_validator: Avoid races in log_check()