Re: Improve OAuth discovery logging
Jacob Champion <jacob.champion@enterprisedb.com>
From: Jacob Champion <jacob.champion@enterprisedb.com>
To: Andrey Borodin <x4mmm@yandex-team.ru>
Cc: Zsolt Parragi <zsolt.parragi@percona.com>,
Chao Li <li.evan.chao@gmail.com>, Daniel Gustafsson <daniel@yesql.se>,
PostgreSQL Hackers <pgsql-hackers@postgresql.org>, Michael Paquier <michael@paquier.xyz>, Tom Lane <tgl@sss.pgh.pa.us>
Date: 2026-03-16T18:14:08Z
Lists: pgsql-hackers
On Mon, Mar 16, 2026 at 1:30 AM Andrey Borodin <x4mmm@yandex-team.ru> wrote: > I have no more comments about the patch, feel free to flip it to RfC. Thanks all, v7 looks very similar to one of my local patches. I don't want to escape the authentication flow from inside a SASL mech, though (it's unusual/invisible to other maintainers, plus it bypasses the ClientAuthentication_hook). I'm working on a three-patch set to add FATAL_CLIENT_ONLY, the new abandoned state, and the log fix making use of both. Should have something posted today if things go my way. --Jacob
Commits
-
oauth: Don't log discovery connections by default
- e020a897efea 19 (unreleased) landed
-
sasl: Allow backend mechanisms to "abandon" exchanges
- c4ff16339f07 19 (unreleased) landed
-
Add FATAL_CLIENT_ONLY to ereport/elog
- c2bca7cc9621 19 (unreleased) landed
-
oauth_validator: Avoid races in log_check()
- ab8af1db4303 19 (unreleased) cited