Re: [OAuth2] Infrastructure for tracking token expiry time

public inbox for [email protected]  
help / color / mirror / Atom feed

From: VASUKI M <[email protected]>
To: Zsolt Parragi <[email protected]>
Cc: Ajit Awekar <[email protected]>
Cc: PostgreSQL Hackers <[email protected]>
Subject: Re: [OAuth2] Infrastructure for tracking token expiry time
Date: Tue, 17 Feb 2026 16:17:50 +0530
Message-ID: <CAE2r8H6Tc6F2BM-JqC+gp-HQKCzfHOx02Xj5MmuS-AY4jfN5iw@mail.gmail.com> (raw)
In-Reply-To: <CAN4CZFNV69LS6H87sV-iPO9w_V-_uko4_G_0QKb1cokJvWhF6g@mail.gmail.com>
References: <CAER375PhG5an=p1=6QS6vWi=BHxR+ViJmYPDkkEtpgVsfCcu_w@mail.gmail.com>
	<CAE2r8H5QAng_rRrkVmGbLuQSgbMz94tpOOOdJKeuHj=go0nXqg@mail.gmail.com>
	<CAN4CZFOe-0jTR7_s2uciX9TNKxRvd2h8avAw9iFO6VPu0CChsQ@mail.gmail.com>
	<CAER375Oh6U_kqP0SK8OP47vy3PBd4p1C027Gaod3B2bqKgMFoQ@mail.gmail.com>
	<CAN4CZFNV69LS6H87sV-iPO9w_V-_uko4_G_0QKb1cokJvWhF6g@mail.gmail.com>

Hi All,

I see the concern about keeping the validator API generic and not
implicitly favoring JWT-style providers.
The callback-based approach does seem more flexible, especially for opaque
tokens or providers supporting revocation, where validity cannot be
represented as a fixed timestamp.
Perhaps one possible direction could be to support both:

An optional expiry timestamp for simple/static cases.

An optional callback (e.g., expired_cb) for dynamic validation.

This would allow JWT-based validators to remain lightweight while enabling
more complex providers to implement custom revalidation logic.
If enforcement is planned at statement start, integrating the callback
mechanism in the same patch might also clarify the intended semantics.

Best regards,
Vasuki M
C-DAC,Chennai

view thread (11+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected], [email protected]
  Subject: Re: [OAuth2] Infrastructure for tracking token expiry time
  In-Reply-To: <CAE2r8H6Tc6F2BM-JqC+gp-HQKCzfHOx02Xj5MmuS-AY4jfN5iw@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox