public inbox for [email protected]  
From: VASUKI M <[email protected]>
To: Jacob Champion <[email protected]>
Cc: Zsolt Parragi <[email protected]>
Cc: PostgreSQL Hackers <[email protected]>
Cc: [email protected]
Cc: Robert Haas <[email protected]>
Cc: [email protected]
Subject: Re: Custom oauth validator options
Date: Thu, 18 Dec 2025 10:44:05 +0530
Message-ID: <CAE2r8H439jg+e5gXJpNNMoroe4CfWauDRfUBZC_9NUNTOhqzBQ@mail.gmail.com> (raw)
In-Reply-To: <CAOYmi+kMuA7t9ao6rWZ=5kn_Zmd7qtwOay_ocEBXwkzKWbefhQ@mail.gmail.com>
References: <CAN4CZFM3b8u5uNNNsY6XCya257u+Dofms3su9f11iMCxvCacag@mail.gmail.com>
	<CAE2r8H55geNFtECuFunpgn0LJK2+rntGuTeqNr6mP7gGhWFRbA@mail.gmail.com>
	<CAN4CZFP_2fe2-18wUoXDZodV8suVe9o++pv=hP8KxxvWkmCx7A@mail.gmail.com>
	<CAOYmi+kMuA7t9ao6rWZ=5kn_Zmd7qtwOay_ocEBXwkzKWbefhQ@mail.gmail.com>

On Thu, Dec 18, 2025 at 12:31 AM Jacob Champion <[email protected]> wrote:

> On Wed, Dec 17, 2025 at 1:28 AM Zsolt Parragi <[email protected]>
> wrote:
> > Instead we decided to let everyone configure which claim they want to
> > use for user mapping. But because of that, this is a GUC, and they can
> > only configure it once per server.
>
> We're getting closer; I agree that this needs to be more flexible than
> it is, and I'm on board with a change, but I'm still missing the
> "killer app". What's the case where a user has multiple HBA lines that
> all want to use unrelated claims for authentication to one Postgres
> cluster? Is this multi-tenancy, or...?
>

Beyond multitenancy, per-HBA OAuth cases where options are needed for
safe provider migration [blue/green], per-database security policies, mixed
human/machine authentication [JWT/introspection] and incident-response
scenarios - all global GUCs are too coarse.

> See also the old conversation regarding LDAP hba/ident [1]
>
> [1] https://postgr.es/m/CAOuzzgpFpuroNRabEvB9kST_TSyS2jFicBNoXvW7G2pZFixyBw%40mail.gmail.com


Thanks, will go through it.

Regards,

Vasuki M
CDAC, Chennai.

