Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1w2MzX-000EGK-0r
	for pgsql-hackers@arkaria.postgresql.org;
	Tue, 17 Mar 2026 05:29:19 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1w2MzW-00G5w7-00
	for pgsql-hackers@arkaria.postgresql.org;
	Tue, 17 Mar 2026 05:29:18 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <zsolt.parragi@percona.com>)
	id 1w2MzV-00G5vl-2F
	for pgsql-hackers@lists.postgresql.org;
	Tue, 17 Mar 2026 05:29:17 +0000
Received: from mail-yw1-x1131.google.com ([2607:f8b0:4864:20::1131])
	by magus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.98.2)
	(envelope-from <zsolt.parragi@percona.com>)
	id 1w2MzT-00000000YC3-0Osh
	for pgsql-hackers@postgresql.org;
	Tue, 17 Mar 2026 05:29:17 +0000
Received: by mail-yw1-x1131.google.com with SMTP id
 00721157ae682-79a40fb9890so19735617b3.1
        for <pgsql-hackers@postgresql.org>;
 Mon, 16 Mar 2026 22:29:15 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1773725353; cv=none;
        d=google.com; s=arc-20240605;
        b=apA+RMOwInR7DWrKlaeIXQW9TGH/5MZ0Bv5AJa0996m06dB0guWz/+khwqdT7BYrkJ
         jWOveyYKD1bKwQnykdiE9gCABLDlFpY6wEntdvsDeG5Da59wPDzaGCLBdtfDT0oobWke
         3LHksIS7mzFe+idjZ+7SVaBuEW5egmJNFQDmEYtdr3CHONAx6rU8dyUah3zkCZ8Ae2pb
         K+s+FYdLIdl3WM36V8yeHs9QVvpQqPV85Ru/BZ1EUJa4HOa2GgZD5THyFFYIk/yIEuaB
         bHyQ4OY0T+lf6ttN23sBQZfpnGT6GhzJlEkiOXCZT+YjHk35TdiC6DTWSVpKP/NUQ9Ye
         omVQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:dkim-signature;
        bh=pZgEaH8o1Ko1kpfuTvWqOrNkkD2gmBIyH5IvzrHa/C0=;
        fh=4KY7uMqMbEdjp7r1JTq9C/thCZoEiZUn0Xyn6Z0XOIg=;
        b=klZlDDh46xet/0VcS7V4WPz0cDp1Jd8lWTdWUCdLmrzBI9LC6AprGI0mQUfijOEQim
         XQZHOgK5tOEObvffljcei12MpLu3zjkvDZuPs7ZL8e1PF8DPwPRgArvU94zPZm6Kubjg
         OYFgQ0Oyqfm5raSIbzcBOXAUxPmvvThT3LevVls8nEr8QYhEfJzIG7MG4fi4sPXC+rCm
         20FqXrynyfHjsWZ9U8IPc4u7/kylMimjjR1N6XibuL4KHSfuX4kWbIrJKV0fgXrPLh/t
         0rOucSTpW/2gI0fYGUrEXucwyM3cnlH5LcrGR9iLil6qOVVSJL9AtjXohlagzaDqlGwF
         la5Q==;
        darn=postgresql.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=percona.com; s=google; t=1773725353; x=1774330153;
 darn=postgresql.org;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=pZgEaH8o1Ko1kpfuTvWqOrNkkD2gmBIyH5IvzrHa/C0=;
        b=dlColg68akxES7xMYUPGfxx8iBtmmR9Bqm29TrZfEYjUk4CZJETNAQBy/JZ5slbYgD
         86Q5WcVSF6iSUFy1GLJ0aYcDfwGPY3UXITPf1nFqPv1MoMg6JwVbhm95mRzS1G9dWgQw
         CL2T/uKDdxAyFVnVzfTXyLnVyozdBlaFBKnZw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1773725353; x=1774330153;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=pZgEaH8o1Ko1kpfuTvWqOrNkkD2gmBIyH5IvzrHa/C0=;
        b=KbeKWvJ3uEplXkNH2BYi1miiCtu0FXB3KEwdu+iBt7gMopuHpXQxB8XOlV09iXGh9e
         Y2lkq1Wd/LVDzCy1WshvusXWfeG+wgQ6FZmxvHRzXLvyhk5IPaHFhaWMFiMX3ZA4Or05
         AONbdSgPrO7w3/BXo1/mRvGzlmxUvkimrWTXhi6MpvxNOzhPlTcCsASx7U2rHxe6jmd7
         AwIsbd46+HUGkySGlPtT1uWk0hYC1BWVgC8BHoEJIWX6u9mt7gPpvCZexvhCE/F5Ia9v
         FtKqwpzWJFkar97vY+FFtCtJK7bUxQ/vYFEf+NgXRzgqvwmg2ZwbgPpiSJKg/ekSWgWf
         KZgQ==
X-Forwarded-Encrypted: i=1;
 AJvYcCVf25N9eG8t+vPqqbIqd101tdX3bYgP5ZDNk+OfUUwffXdy89tMZAtSUmZQkFwIQ0Iu5eJDSDWBEbH5xp8F@postgresql.org
X-Gm-Message-State: AOJu0YyRhO4ZjqVFPZCuJ5pEqa6nnq0Ft0yNq7F01CKfvS4LnCLHsMvK
	T6R7H2OjNXnIWvuuA8fJrJZxq+8f4bv+VOEu9wP151FXX1SE7roERhCj35kNfmNc1hsRxLErGxr
	z9I+ixgZmgbsdv3lS2+lLoAZ9byhh+q23KA7GJccI2J3MfwGY04cTPY3MBlo/uJSowg6HkCK2rC
	4mvqyhOMg6UhWAKUdbS3CQjipktTqicHzP9s0qkGhCpehPKvXE+5bibAxQO4L1O1HtvjnOE44WK
	RxhtPIU5JTQe1Tn95LrQVm+QqspTL+RcJ1V9Wvdt4Shj/vGGjE=
X-Gm-Gg: ATEYQzwwDmKxV1AXtgO9PajVF17caWK8AZwQ/FE6OqvLWG9eTKhrbRUgkTEmiNf63qT
	PQOLzzHSftwudzrYwIbnhUBiZn0/LOps7folKXT2wIoF2qnQBfVrJRTO6sSEETH+3Am/7yPwse6
	G4KnqbSIclSvgXL/q4aKq27xYf4pECVOJCn1QFQNuRApNDr3G/b1tswX1sQ2c062rdV11YWjmes
	jUZgOk4p2PNw5yDIXF1nU2+eoRCgsdYT/DnI1p7ErBCCVWsB9WbysD+74x0n2SaQUqG0wGOskrZ
	vfiq9fd9c+z8JYfBLrqwoJ5CpnO8kgPlrQv14EiGGA6yg1azap1ENpUi4dnO8ERlCj6d
X-Received: by 2002:a05:690c:6d83:b0:799:1c93:7adb with SMTP id
 00721157ae682-79a1c0fae83mr159454287b3.23.1773725353118; Mon, 16 Mar 2026
 22:29:13 -0700 (PDT)
MIME-Version: 1.0
References: 
 <CAN4CZFPim7hUiyb7daNKQPSZ8CvQRBGkVhbvED7yZi8VktSn4Q@mail.gmail.com>
 <7DB528BA-C7A0-4B23-890C-5332FB35A16E@yesql.se>
 <CAN4CZFNNfhFCQdFWui5HWbQR60eM-cyndZ7YgSv7b5SKxB9C2A@mail.gmail.com>
 <CAOYmi+mDSmh6RNizHRmMAwg4ZP2W=uai3Fr3-wm186NMypf_Pg@mail.gmail.com>
 <CAN4CZFNJftK8NaREYaLi-wqpEz3=crQ=1+3f_XUVji=aOrDSWA@mail.gmail.com>
 <7094F798-8DD1-4974-9A04-10E147B29581@gmail.com>
 <CAOYmi+kjtmRMBdBU3_bGKGDoRSK2AErXbGtHkAjFRapcQNmjhA@mail.gmail.com>
 <CAN4CZFNWBXtF-ML3yzdOvX3QEuUwVo5VrBzyWU3O=y-7SeDstA@mail.gmail.com>
 <15434512-B3FB-4AB3-B6B3-5D85ED0B4BBE@yandex-team.ru>
 <CAN4CZFNscs=hiOkRJYF39r7AD7ef9+MR+O2BQdEtE_2Ajdo5qw@mail.gmail.com>
 <CAOYmi+nVzkoLjzNk_58e0NnUPi9uVXwmurK2QP6CzC2WOpqwbg@mail.gmail.com>
 <CAN4CZFPjiUQbKo2q+ovs--AHkjvaE8OJyncB9xu5b+1gp=HHPQ@mail.gmail.com>
 <CAOYmi+=SR_nJJBh7UXZzK8Zbs21L2RUNkW3d9aPRkQOHj1bBPA@mail.gmail.com>
 <CAN4CZFO7ju7fjjv+qwObP8_V-Tdx463zV8F7u_s6wtg9ANVWVg@mail.gmail.com>
 <CAOYmi+kEYA0Tp2son-+Ti1wvSAPov87AVFf4qXATTOHRX1F2gg@mail.gmail.com>
 <CAN4CZFOmym1BaV_U2V56aOyRp2JMrw5nfn6kwcAEcu_RWK-F3Q@mail.gmail.com>
 <99C6E80B-8770-41C2-8084-BF3C7F389FFF@yandex-team.ru>
 <CAN4CZFN7u1kX3_0cfyVvtfiWpORxnvZo=xCr9Ag-F5Onp-hpbA@mail.gmail.com>
 <1B58D836-6B8F-4B9A-9B84-08965E5AA06B@yandex-team.ru>
 <CAOYmi+kxfGEKw7frQPxWYEA6Qe4BLc683UCNPTYCLdCCV0b4Jw@mail.gmail.com>
 <CAN4CZFP--Ec8hMgpu7JojgK9qS08bNnev0c6goA++T4Ozy8bOQ@mail.gmail.com>
 <CAOYmi+nsK1dSXaB+oicoyA6kM9ymygCLhSiKtkg1ph_P1uhYOQ@mail.gmail.com>
 <1AB529D5-6F5D-426D-AB99-12BB7DD394D3@gmail.com>
In-Reply-To: <1AB529D5-6F5D-426D-AB99-12BB7DD394D3@gmail.com>
From: Zsolt Parragi <zsolt.parragi@percona.com>
Date: Tue, 17 Mar 2026 05:29:04 +0000
X-Gm-Features: AaiRm52o66CIIFEZ5RfZtNsMWAO_TpsaqpAbOY0bYUvP_B9J8cctQ-IA4ZCjagU
Message-ID: 
 <CAN4CZFOwmgyv1002=EZTSM__97gX-1fG0Q3Q4Zy=XviVtZPRxg@mail.gmail.com>
Subject: Re: Improve OAuth discovery logging
To: Chao Li <li.evan.chao@gmail.com>
Cc: Jacob Champion <jacob.champion@enterprisedb.com>,
 Andrey Borodin <x4mmm@yandex-team.ru>,
	Daniel Gustafsson <daniel@yesql.se>,
 PostgreSQL Hackers <pgsql-hackers@postgresql.org>,
	Michael Paquier <michael@paquier.xyz>, Tom Lane <tgl@sss.pgh.pa.us>
Content-Type: text/plain; charset="UTF-8"
X-CLOUD-SEC-AV-Sent: true
X-CLOUD-SEC-AV-Info: percona,google_mail,monitor
X-Gm-Spam: 0
X-Gm-Phishy: 0
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: 
 <https://www.postgresql.org/message-id/CAN4CZFOwmgyv1002%3DEZTSM__97gX-1fG0Q3Q4Zy%3DXviVtZPRxg%40mail.gmail.com>
Precedence: bulk

> As is_log_level_output() returns false against FATAL_CLIENT_ONLY, so that FATAL_CLIENT_ONLY should not reach send_message_to_server_log(). Should we assert edata->elevel != FATAL_CLIENT_ONLY?

Andrey asked the same question upthread, this mirrors how
WARNING_CLIENT_ONLY is implemented.

> As far as I understand, for a programmer error, Assert should be used. Why do we use elog(ERROR) here?

+1, I would also say that for CheckSASLAuth, specifying abandoned is
always required, since the caller can't know when it will result in an
error. So the assert/if should be at the beginning of the function,
not in the error path.

Or instead:

+ /*
+ * "Abandoned" is a SASL-specific state similar to STATUS_EOF, in that we
+ * don't want to generate any server logs. But it's caused by an in-band
+ * client action that requires a server response, not an out-of-band
+ * connection closure, so we can't just proc_exit() like we do with
+ * STATUS_EOF.
+ */
+ bool abandoned = false;
+

Have you considered adding the error level here instead, the same way
as in auth_failed, explicitly defaulted to normal fatal by the caller,
so existing code don't have to change it? That wouldn't need an
SASL-specific explanation or flag in the generic code.