Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vuifb-0030rt-1H for pgsql-hackers@arkaria.postgresql.org; Tue, 24 Feb 2026 03:01:07 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1vuifZ-00GYfa-31 for pgsql-hackers@arkaria.postgresql.org; Tue, 24 Feb 2026 03:01:05 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vuifZ-00GYfS-24 for pgsql-hackers@lists.postgresql.org; Tue, 24 Feb 2026 03:01:05 +0000 Received: from mail-pg1-x531.google.com ([2607:f8b0:4864:20::531]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.98.2) (envelope-from ) id 1vuifU-00000000xyn-34lf for pgsql-hackers@postgresql.org; Tue, 24 Feb 2026 03:01:05 +0000 Received: by mail-pg1-x531.google.com with SMTP id 41be03b00d2f7-c6e1dc5c5edso2109505a12.1 for ; Mon, 23 Feb 2026 19:01:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1771902059; x=1772506859; darn=postgresql.org; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=NbR8OJbjqTojdpi5H0MTM83ZaVSEn/UqdlQBU3bZwMo=; b=C1msyw4MTRl7jdX9f9eZNsIYvwlkUopJTBE/DnWvM/5jPiA7H6BLa5Q+P3yLjeUdpS ouwcwNPJ82Iqx7LYkMSdrUmOKL0T0QdZM/NKJGS+oyJSLLi8nN0FukG9iITAtZXiXxJS H5KFR/K9n7tbF0fSyzDfTjuriBmXqdTHajTnmYyQuuPGzjEby+G+mv4lReTF/kACmqWE n5tmmuIbDyUjU/xpAQGJqLG+Xi9p6Mv+Wg5ItIR7NJAm6fxWWtZOv1kWmfW3cf0Vo/Rp T/e9oPal3MplgQ6/t0uTZQ/wWIG3CZvh32W1wAgoBONXF9Eg7OB+x8BdZF3iTjVllN5y Mzbg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771902059; x=1772506859; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:x-gm-gg:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=NbR8OJbjqTojdpi5H0MTM83ZaVSEn/UqdlQBU3bZwMo=; b=HEsB5/Uusupg/WubQMUbynA8S/OSCZBtZdWLJSYaNNcDn4TE6zhGxpnR7co1FTIvTN 0JJo/IDeCNSBdImlV0+wDG++1taIXR/ItVdtKaKSFAL4/EhGkXWzb++OfjSPcJ3GHUWp LlafV8YjutrnPtsmp5JYV0AlgT9zECXYv4LNlqcyn4zcwk01fvohJZBUaBH6THMIizRB 53MJ5W/9XR+pmtqPWZjS1MJFEajRPPo6Cs/qn4nraMMylfeW6USL1zPJTxf1i7t+rvhy +tyX2jEz9R40bKymjJlA2dm5u26FTVPFogc7DhMT/jm1ODdPfrvsZS3uVQWAwtJvyByl ksjw== X-Forwarded-Encrypted: i=1; AJvYcCWMG8d5SCltO37sH55GUfWhgoDON59oXeHWS2XeiC4sNVC6Lz71Dd/DvbcgGFKLw10FBRQimUDPy3JMQZCc@postgresql.org X-Gm-Message-State: AOJu0Yxbx/bTT5NGiuxLJ0Hft/JT95QupEsu+U1kJBopx5qyVTk3IQoP xX+D1TU4/t7ujqJENWgRUo7L2fG0TLmv6i5c+kPXu4dwaUKa6SatykbI X-Gm-Gg: AZuq6aIXS2PBXrcUtEavyB2H4YHScISqwwYVkaMcTyk0ExlBU2VmGVYyaWZEVTuru53 DwpgnVkehI5dpv+HiA/x4yGyRxflE/3o+QR/Ocn8Y6/skYKgrxgz279eRuUpt+CKjFT+YZzkCMg 8tDUPg3ldGZ9sJD3Rl68yp5GUxCn1iSMZconvriYSI1GJIaLcNZg8XQmPR/feMn0xkZiCCz9DmM j85IaDPDJnz+74hf05/U/gvqWGZZ8C89I55lB7e4xI7HkkqECG5heOqIyTb4Okz1kGujxTYUf3S zCQEVHGLA51/1YX+xVEXNUz8+UNTxkg6VG0k/KL2kIadgTOcTNUg9P29lU+08fxFVzF2QV4RjxJ pO1JaJVgqGsz8zQe1enGGkyGNDjmiQ3G6OzlBNGINvFSBYx+MkoDy1AavZrfuxGlVf+sXJW7BKE DaC99OpjCJIVYgyn0TozXSahgzzOr0jw== X-Received: by 2002:a05:6a20:12c4:b0:394:6208:6624 with SMTP id adf61e73a8af0-39545f2d9ecmr10789039637.36.1771902058982; Mon, 23 Feb 2026 19:00:58 -0800 (PST) Received: from smtpclient.apple ([203.10.98.27]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-c70cf22c6f2sm2810833a12.29.2026.02.23.19.00.56 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 23 Feb 2026 19:00:58 -0800 (PST) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3864.300.41.1.7\)) Subject: Re: Improve OAuth discovery logging From: Chao Li In-Reply-To: Date: Tue, 24 Feb 2026 11:00:23 +0800 Cc: Jacob Champion , Daniel Gustafsson , PostgreSQL Hackers , Michael Paquier Content-Transfer-Encoding: quoted-printable Message-Id: <7094F798-8DD1-4974-9A04-10E147B29581@gmail.com> References: <7DB528BA-C7A0-4B23-890C-5332FB35A16E@yesql.se> To: Zsolt Parragi X-Mailer: Apple Mail (2.3864.300.41.1.7) List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk > On Feb 13, 2026, at 21:13, Zsolt Parragi = wrote: >=20 > These all are good suggestions, attached updated patch. >=20 >> Maybe something like PG_SASL_EXCHANGE_ABANDONED? >=20 > This is the only one I wasn't sure of, I used RESTART because I was > focusing more on the intention of the server ("please restart > authentication with this additional information"), and a bit also on > the idea that later restart could stay even within the same > connection, both in this case and if we add support for > reauthentication on token expiration. >=20 > On the other hand I'm not 100% sure how the other two would work, and > ABANDONED is a better description for the current situation, so I > adjusted the patch to use that. > Hi Zsolt, Thanks for the patch. A few small comments: 1 - commit message ``` SASL/Oauth code, by introducing a new SASL authentication status, PG_SASL_EXCHANGE_RESTART. The expectation is that authentication ``` Looks like you forgot to update the commit message to change = PG_SASL_EXCHANGE_RESTART to PG_SASL_EXCHANGE_ABANDONED. 2 - auth-oauth.c ``` /* The (failed) handshake is now complete. */ + if (ctx->state =3D=3D = OAUTH_STATE_ERROR_DISCOVERY) + { + ctx->state =3D OAUTH_STATE_FINISHED; + ereport(DEBUG1, + errmsg("OAuth issuer = discovery requested")); + return PG_SASL_EXCHANGE_ABANDONED; + } + ctx->state =3D OAUTH_STATE_FINISHED; return PG_SASL_EXCHANGE_FAILURE; ``` "ctx->state =3D OAUTH_STATE_FINISHED;" is duplicated in the =E2=80=9Cif=E2= =80=9D and after the =E2=80=9Cif=E2=80=9D, so it can be pull up to = before the =E2=80=9Cif=E2=80=9D. Best regards, -- Chao Li (Evan) HighGo Software Co., Ltd. https://www.highgo.com/