Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1uA6yE-00Apbc-CB for pgsql-hackers@arkaria.postgresql.org; Wed, 30 Apr 2025 12:55:27 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1uA6yB-00Dujp-QH for pgsql-hackers@arkaria.postgresql.org; Wed, 30 Apr 2025 12:55:24 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1uA6yB-00Dujb-DE for pgsql-hackers@lists.postgresql.org; Wed, 30 Apr 2025 12:55:24 +0000 Received: from smtp.outgoing.loopia.se ([93.188.3.37]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1uA6y9-000LnD-0T for pgsql-hackers@postgresql.org; Wed, 30 Apr 2025 12:55:23 +0000 Received: from s807.loopia.se (localhost [127.0.0.1]) by s807.loopia.se (Postfix) with ESMTP id 500BD386BF5 for ; Wed, 30 Apr 2025 14:55:18 +0200 (CEST) Received: from s899.loopia.se (unknown [172.22.191.6]) by s807.loopia.se (Postfix) with ESMTP id 3A5A1386EFF; Wed, 30 Apr 2025 14:55:18 +0200 (CEST) Received: from s470.loopia.se (unknown [172.22.191.5]) by s899.loopia.se (Postfix) with ESMTP id 340882C8BA88; Wed, 30 Apr 2025 14:55:18 +0200 (CEST) X-Virus-Scanned: amavisd-new at amavis.loopia.se X-Spam-Flag: NO X-Spam-Score: -1.2 X-Spam-Level: X-Spam-Status: No, score=-1.2 tagged_above=-999 required=6.2 tests=[ALL_TRUSTED=-1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1] autolearn=disabled Authentication-Results: s470.loopia.se (amavisd-new); dkim=pass (2048-bit key) header.d=yesql.se Received: from s899.loopia.se ([172.22.191.5]) by s470.loopia.se (s470.loopia.se [172.22.190.34]) (amavisd-new, port 10024) with UTF8LMTP id 28mQafKRjI30; Wed, 30 Apr 2025 14:55:17 +0200 (CEST) X-Loopia-Auth: user X-Loopia-User: daniel@yesql.se X-Loopia-Originating-IP: 89.255.232.193 Received: from smtpclient.apple (customer-89-255-232-193.stosn.net [89.255.232.193]) (Authenticated sender: daniel@yesql.se) by s899.loopia.se (Postfix) with ESMTPSA id 719B92C8BAC0; Wed, 30 Apr 2025 14:55:17 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yesql.se; s=loopiadkim1707475645; t=1746017717; bh=MnvpSz8Vn6fuZGK9KK//sjQbJgTthgX8Aw45Qzr8sCE=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=KD+8KqmEj3o3LeGGYbd7X5bJOO3KGACroYEhYaicH6C+Gce8WUoYKjLCYmRLpJMzN cXDHnBtgwrwifmCiAwUmEoALxEQ3qVcBukHXPXtxJq16Lws9fRwyo9xCA8woebCNRW 7dcyLvnEHQmjY7y/d+2fmtjgHx00jVEr7oB9+NBxh+TLG0KdgLfNgSZY0rb7FhFjH1 B6cnRD2GgzZjcFSrKfGns3bE1kNz8ipN4N1dOCK4GJjOsvj1ps2GdPPjqwptNpmemX hadHMEhu9oajaoz52LDpqNqk+yG+EMvLlnBeLadYpgsRCapNbf7RZq8C3H17vWL4xJ DIMFqJ8E+Ecqg== Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3776.700.51.11.1\)) Subject: Re: [PoC] Federated Authn/z with OAUTHBEARER From: Daniel Gustafsson In-Reply-To: Date: Wed, 30 Apr 2025 14:55:07 +0200 Cc: Christoph Berg , Jelte Fennema-Nio , Peter Eisentraut , Andres Freund , Tom Lane , Bruce Momjian , PostgreSQL Hackers , Thomas Munro , Nazir Bilal Yavuz , Antonin Houska , Wolfgang Walther , =?utf-8?B?RGV2cmltIEfDvG5kw7x6?= Content-Transfer-Encoding: quoted-printable Message-Id: <8210C830-DDBB-4CD7-AB39-F5F59C36D547@yesql.se> References: To: Jacob Champion X-Mailer: Apple Mail (2.3776.700.51.11.1) List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk > On 29 Apr 2025, at 02:10, Jacob Champion = wrote: >=20 > On Wed, Apr 23, 2025 at 10:46=E2=80=AFAM Jacob Champion > wrote: >> Are there any readers who feel like an internal ABI version for >> `struct pg_conn`, bumped during breaking backports, would be >> acceptable? (More definitively: are there any readers who would veto >> that?) >=20 > To keep things moving: I assume this is unacceptable. So v10 redirects > every access to a PGconn struct member through a shim, similarly to > how conn->errorMessage was translated in v9. This adds plenty of new > boilerplate, but not a whole lot of complexity. To try to keep us > honest, libpq-int.h has been removed from the libpq-oauth includes. That admittedly seems like a win regardless. > This will now handle in-place minor version upgrades that swap pg_conn > internals around, so I've gone back to -MAJOR versioning alone. > fe_oauth_state is still exported; it now has an ABI warning above it. > (I figure that's easier to draw a line around during backports, > compared to everything in PGconn. We can still break things there > during major version upgrades.) While I'm far from the expert on this subject (luckily there are such in = this thread), I am unable to see any sharp edges from reading and testing = this version of the patch. A few small comments: +libpq-oauth is an optional module implementing the Device Authorization = flow for +OAuth clients (RFC 8628). It was originally developed as part of libpq = core and +later split out as its own shared library in order to isolate its = dependency on +libcurl. (End users who don't want the Curl dependency can simply = choose not to +install this module.) We should either clarify that it was never shipped as part of libpq = core, or remove this altogether. I would vote for the latter since we typically = don't document changes that happen during the devcycle. How about something = like: +libpq-oauth is an optional module implementing the Device Authorization = flow for +OAuth clients (RFC 8628). It is maintained as its own shared library in = order to +isolate its dependency on libcurl. (End users who don't want the Curl = dependency +can simply choose not to install this module.) +- void libpq_oauth_init(pgthreadlock_t threadlock, + +At the moment, pg_fe_run_oauth_flow() relies on libpq's pg_g_threadlock = and +libpq_gettext(), which must be injected by libpq using this = initialization +function before the flow is run. I think this explanatory paragraph should come before the function = prototype. The following paragraph on the setters/getters make sense where it is = though. +#if defined(USE_DYNAMIC_OAUTH) && defined(LIBPQ_INT_H) +#error do not rely on libpq-int.h in libpq-oauth.so +#endif Nitpick, but it won't be .so everywhere. Would this be clearar if = spelled out with something like "do not rely on libpq-int.h when building = libpq-oauth as dynamic shared lib"? -- Daniel Gustafsson