Re: [oauth] Stabilize the libpq-oauth ABI (and allow alternative implementations?)

Jacob Champion <jacob.champion@enterprisedb.com>

From: Jacob Champion <jacob.champion@enterprisedb.com>
To: Chao Li <li.evan.chao@gmail.com>
Cc: "Jonathan Gonzalez V." <jonathan.abdiel@gmail.com>, Zsolt Parragi <zsolt.parragi@percona.com>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2026-03-31T18:50:02Z
Lists: pgsql-hackers
On Mon, Mar 16, 2026 at 12:33 AM Chao Li <li.evan.chao@gmail.com> wrote:
> I think this check relies on that when poisoning, request->error should be NULL. So, does it make sense to Assert(request->error==NULL) in the poison branch?

Yes, that's a good idea. Done in the committed version.

> 2 - 0002 Overall LGTM. A small comment is that, now use_builtin_flow() becomes a bit misleading because it may turn to non-builtin when libpq_oauth_init is not provided by the lib. So, maybe rename the function to something like try_builtin_flow()?

I think you're correct that the naming here has not caught up to where
we are, but try_builtin_flow() doesn't get us much closer in my
opinion, and I wasn't able to find something I really liked. This will
need a refactor when plugins arrive, so I'm deferring for now.

Thanks!
--Jacob



Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. libpq: Allow developers to reimplement libpq-oauth

  2. libpq: Poison the v2 part of a v1 Bearer request

  3. libpq-oauth: Never link against libpq's encoding functions

  4. libpq-oauth: Use the PGoauthBearerRequestV2 API

  5. libpq: Introduce PQAUTHDATA_OAUTH_BEARER_TOKEN_V2

  6. libpq: Add PQgetThreadLock() to mirror PQregisterThreadLock()

  7. oauth: Report cleanup errors as warnings on stderr

  8. oauth_validator: Avoid races in log_check()

  9. libpq-oauth: use correct c_args in meson.build

  10. libpq-fe.h: Don't claim SOCKTYPE in the global namespace