Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vWIji-00GkCF-1V for pgsql-hackers@arkaria.postgresql.org; Thu, 18 Dec 2025 18:28:27 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1vWIjh-003S9c-07 for pgsql-hackers@arkaria.postgresql.org; Thu, 18 Dec 2025 18:28:25 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vWIjg-003S9R-1w for pgsql-hackers@lists.postgresql.org; Thu, 18 Dec 2025 18:28:25 +0000 Received: from mail-yx1-xb132.google.com ([2607:f8b0:4864:20::b132]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1vWIje-001SSZ-27 for pgsql-hackers@lists.postgresql.org; Thu, 18 Dec 2025 18:28:25 +0000 Received: by mail-yx1-xb132.google.com with SMTP id 956f58d0204a3-641e942242cso761686d50.1 for ; Thu, 18 Dec 2025 10:28:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=percona.com; s=google; t=1766082501; x=1766687301; darn=lists.postgresql.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=UBuUic1yH1xY/Iynz3L6cw3i9t7ZMh5ZJbB2dlFPmuk=; b=P4R8HVR19zVH9k/Mdx7havgsOBFTv522JyZBbEkZUoLmLMy/JDHNUKbQzH+UzaHRt1 miUT6LZA3UKtcHTmlaDlqJvafa2Az8Kcu+rr6y1KKqj3VTlwlUAbqJz3zTiOvS/xCEMY PkAf1MiPdt+VLkN5MtSBiHfoVWxX6JnaVjo+Q= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1766082501; x=1766687301; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=UBuUic1yH1xY/Iynz3L6cw3i9t7ZMh5ZJbB2dlFPmuk=; b=cR2sf70AJ6bFRph80G38eURv8YMOcgyvMkpFCZsFLrf6BIKrZwU1vZ5SPOBcJmo2ty ll++/AxfzEa64h5Yt4v1t54spEAQINtEO6ff1tShI3y2cfW9FjqWrD7OI9+SfE+2nbvR pvwcRF/NTnwAfueyM7RiLKBixrfIh27OFwi0ppwk8bt5FPIYdos/6odlN1eZQw8RPI4d fNQJ9S7GWnE4ZhX6WC6RRGn39mYyQ1XvfSOvZ9IRY4Vyjoyez9+A6RHcCbvwfikNgqZf QUuIT1px/fqlrXZRgO0E6ARjw5YvQxtTf35vUknUN0xERxKXkkgSXSUSzN/f4xOSRFtx SDqQ== X-Forwarded-Encrypted: i=1; AJvYcCXNnMR5Uz//g5g0u8Z2It9p++UL4TPcO57FH1JtGap/Ukx4BtdhwDGVRARZAC61L1McqFkuOTt0SRh4iM0A@lists.postgresql.org X-Gm-Message-State: AOJu0YwDDPip3pPDMvSn/ZwHJHgAk7M8GS/GvB+BPac1IcV+hRwAzeeY YfNL8O7rPC7ucWDh1flBjdJLqZ/CvX6yQNz+i2imW/agO6UyRzb6AAg3nMonX8zCJRtCKM2sOv8 yWo932jUSfSWlz7fvLKHT2HH0p3Zu8+YCFp4HG7sV543TbXXJcd9KaK0U+pfKsH/zj+phuEgwx+ dVBAB1TDpMWw8nRLuQtD4BceZsS4LcUTlOHIvOcxquvXz7VYYSNIz2arzDRJfBxPs375Kd8RFng Pw4ztziXi92zl9ENIKM1Vj+rPTbK/FMZQwN7xbrXCfJ5wz2S5UbQZe6ry7S8qoMh6g= X-Gm-Gg: AY/fxX4XQbZ3UGI0xKNO9HJCukVteL2S6kmQkGEjlMvZQp+760UFAh1R7L8qnmYhUuC QMnkw4FqTwE2TQlPGqV5iH/2/VTtHgvUHm4ryqYCbXhkZAqMG5vV0WNxiSDmap42I+ekeVLrgeJ pG8A+V/kdt6CHpij+UkW8tSfNkmy1um7O4q7FCG3itdPuIEDiie6m7OKWWaiMFxSSKoatwEDF7A PiTC7uxtGiSsorizHvI5O6VNv+NWb5AAUMZ1j1RADqnxeXpGZglSGj67MX+B4CjPfM9IrDZMYFx nd22Na4M+RSFsOuzWNCywkpJRQqqDxk4KmABX4rmJx6py5vgDozj+8lM X-Google-Smtp-Source: AGHT+IGbhw6c2Sk7z+yV/DDEzuH935Ci2JyBgiCJHQ+shmiw2DOEtreqSbcFE0xO8BJMcZ62cKm3z/DCb1bkQNyX8sU= X-Received: by 2002:a53:e18c:0:b0:644:7712:eda2 with SMTP id 956f58d0204a3-6466a8b5875mr198109d50.29.1766082501462; Thu, 18 Dec 2025 10:28:21 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Zsolt Parragi Date: Thu, 18 Dec 2025 18:28:11 +0000 X-Gm-Features: AQt7F2qP4KoF_mBjAWIPrvInPMZOPtIJ6T49zDvQQ0QuQGcguqFdIbExlXth--Y Message-ID: Subject: Re: Custom oauth validator options To: Jacob Champion Cc: VASUKI M , PostgreSQL Hackers , david.g.johnston@gmail.com, Robert Haas , myon@debian.org Content-Type: text/plain; charset="UTF-8" X-CLOUD-SEC-AV-Sent: true X-CLOUD-SEC-AV-Info: percona,google_mail,monitor X-Gm-Spam: 0 X-Gm-Phishy: 0 List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk > Might be more reason to look into the GUC system? I am already thinking about that, I have some ideas for a proof of concept, but no working prototype yet. But without requiring shared_preload_libraries, we can't do early error reporting during postmaster startup about custom parameters. Is that okay? GUCs already work this way, and this could be a bit safer (reporting unknown parameters/refusing to proceed during login, when we can completely parse all parameters), but it would be different compared to how pg_hba is handled currently.