Re: pgsql: Add support for OAUTHBEARER SASL mechanism

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Jacob Champion <[email protected]>
To: Daniel Gustafsson <[email protected]>
To: Peter Eisentraut <[email protected]>
Cc: Christoph Berg <[email protected]>
Cc: Thomas Munro <[email protected]>
Cc: [email protected]
Subject: Re: pgsql: Add support for OAUTHBEARER SASL mechanism
Date: Tue, 1 Apr 2025 08:48:52 -0700
Message-ID: <CAOYmi+nb_LVQs+Rjg3mh_CqRz3qOFMi55xD1+MBV4riEosruQQ@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
	<[email protected]>
	<CAOYmi+=SEwJ+7ATgxrkvDFyGb-FQ5FN9eF_RVMic6DAU3bk5zw@mail.gmail.com>
	<[email protected]>
	<[email protected]>

On Tue, Apr 1, 2025 at 6:12 AM Daniel Gustafsson <[email protected]> wrote:
>
> > On 1 Apr 2025, at 15:03, Christoph Berg <[email protected]> wrote:
>
> > With the libpq-oauth split, this makes even more sense because
> > building a library that always throws an error isn't very useful.
> > (Don't build that file at all if the feature doesn't work.)
>
> After the split, configure/meson should fail if the libcurl dependency isn't
> satisfied or if the platform isn't supported.

Yeah, after sleeping on it I agree. If I want a "canary" buildfarm
animal to opt into compilation on unsupported platforms, I can instead
look into a manual #define or something; it doesn't have to be a
supported configure-time thing.

> > Since oauth/curl have some security implications, would it make more
> > sense to call the switch --enable-oauth (-Doauth) so users could
> > control better what features their libpq is going to have? Perhaps
> > some other feature (pg_service as URL?) is going to need libcurl as
> > well, but it should be configurable separately.
>
> Perhaps --with-oauth-client for the opt-in libpq-oauth?

It started as -Doauth way back when, but was changed as part of the
discussion at [1]. Peter, do you have any objections to switching back
to an OAuth-related name?

--Jacob

[1] https://postgr.es/m/6bde5f56-9e7a-4148-b81c-eb6532cb3651%40eisentraut.org

view thread (9+ messages)

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
  Subject: Re: pgsql: Add support for OAUTHBEARER SASL mechanism
  In-Reply-To: <CAOYmi+nb_LVQs+Rjg3mh_CqRz3qOFMi55xD1+MBV4riEosruQQ@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox