Subject: Re: pgsql: Add support for OAUTHBEARER SASL mechanism
From: Daniel Gustafsson
Date: Tue, 1 Apr 2025 15:11:51 +0200
To: Christoph Berg
Cc: Jacob Champion, Thomas Munro, pgsql-hackers@lists.postgresql.org

> On 1 Apr 2025, at 15:03, Christoph Berg wrote:

> With the libpq-oauth split, this makes even more sense because
> building a library that always throws an error isn't very useful.
> (Don't build that file at all if the feature doesn't work.)

After the split, configure/meson should fail if the libcurl dependency isn't
satisfied or if the platform isn't supported.

> Since oauth/curl have some security implications, would it make more
> sense to call the switch --enable-oauth (-Doauth) so users could
> control better what features their libpq is going to have? Perhaps
> some other feature (pg_service as URL?) is going to need libcurl as
> well, but it should be configurable separately.

Perhaps --with-oauth-client for the opt-in libpq-oauth?

--
Daniel Gustafsson