Re: pgsql: Add support for OAUTHBEARER SASL mechanism

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Christoph Berg <myon@debian.org>
Cc: Jacob Champion <jacob.champion@enterprisedb.com>, Thomas Munro <thomas.munro@gmail.com>, pgsql-hackers@lists.postgresql.org
Date: 2025-04-01T13:11:51Z
Lists: pgsql-hackers
> On 1 Apr 2025, at 15:03, Christoph Berg <myon@debian.org> wrote:

> With the libpq-oauth split, this makes even more sense because
> building a library that always throws an error isn't very useful.
> (Don't build that file at all if the feature doesn't work.)

After the split, configure/meson should fail if the libcurl dependency isn't
satisfied or if the platform isn't supported.

> Since oauth/curl have some security implications, would it make more
> sense to call the switch --enable-oauth (-Doauth) so users could
> control better what features their libpq is going to have? Perhaps
> some other feature (pg_service as URL?) is going to need libcurl as
> well, but it should be configurable separately.

Perhaps --with-oauth-client for the opt-in libpq-oauth?

--
Daniel Gustafsson




Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. oauth: Fix build on platforms without epoll/kqueue

  2. Add support for OAUTHBEARER SASL mechanism