Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1vcphl-00BIt8-2D
	for pgsql-hackers@arkaria.postgresql.org;
	Mon, 05 Jan 2026 18:53:26 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1vcphj-003nbe-0h
	for pgsql-hackers@arkaria.postgresql.org;
	Mon, 05 Jan 2026 18:53:24 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <jacob.champion@enterprisedb.com>)
	id 1vcphi-003nbS-2s
	for pgsql-hackers@lists.postgresql.org;
	Mon, 05 Jan 2026 18:53:23 +0000
Received: from mail-qv1-xf2e.google.com ([2607:f8b0:4864:20::f2e])
	by magus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.96)
	(envelope-from <jacob.champion@enterprisedb.com>)
	id 1vcphg-004jUX-0F
	for pgsql-hackers@lists.postgresql.org;
	Mon, 05 Jan 2026 18:53:22 +0000
Received: by mail-qv1-xf2e.google.com with SMTP id 6a1803df08f44-88a367a1dbbso2670736d6.0
        for <pgsql-hackers@lists.postgresql.org>; Mon, 05 Jan 2026 10:53:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=enterprisedb.com; s=google; t=1767639197; x=1768243997; darn=lists.postgresql.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=EWSForj4yW+OqgMALVWTx+hM3kbssnkjHMQ9zvMruQE=;
        b=PHLuS+hi5oxQAQQNuKTynL6fejdelewoehPHxbZ6zswG0JI3AeAXcNOJxJp5BBcH9y
         /db5u1Nm/1xyf/dPUiAyNhImifk4dLoRW/QDEEt+AsLpNx7UO4GnuGATB2NIxrBVSpgw
         MvWmRGUIQBTq6d97vjJjDFg7KTOhOuFndTr+wXMh8Km9E+VTqKB41iyqrzENUwOOc8dU
         kmirWB6Bd0CzNy0UausdAMd4XjvdM6KVKo7o0wDeal4a6eC+QSbtvwF8gBwQfyLnzX3y
         SxK0vA9q6xQOIerlCob8QMgMj+y+2lfIQL4r6j/fksenN2diHkFu62+b2mLK+oFQSBC3
         w7Aw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1767639197; x=1768243997;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=EWSForj4yW+OqgMALVWTx+hM3kbssnkjHMQ9zvMruQE=;
        b=PckizdgkOKopEDSL5EaAYr5sH071Aivn8O81IsaNr2ATF1a9adqMA1Auk7aBQfT1/H
         cPT/HaySYngspVdWo99kctqPYNM2Zi+FJXxYjILvCrkuzXvfdkWk9n/GHk7D0mASexjB
         kpDnxaFOmg43tv8+G7Q6Ut18gLmpfB4W3NAhqHMDoOVS00GNqp6J8jgThXTQSxA3Nupe
         fywRozAhg7AcEe7iPF/WmrR4om77UFBAOkfjGQsW25y3XbNxnaAdskL1kwqNc+W7G8MS
         DlstNb92csmdKX6JmieCarJQ00MRl45L6u734X/1ZaFYNzaIGCoy6kxHXYgZs81/SZDN
         6tVA==
X-Forwarded-Encrypted: i=1; AJvYcCUc5/JRRVySMx781ZgtG2l4/QhzV167BhI5qcLIBumuV8SzqzRZTd5TzRnjRsklokfpGmemV1lj2bpsiL+n@lists.postgresql.org
X-Gm-Message-State: AOJu0YzuL/2XOd4XBCQ9nUmc8mexQh1OCE0+33lerRbFaF3Lx+bTwxye
	0WOnNWlemmEEWxMO4nfmeIX42XbPVv4QwkSskn0Qv4m69NjOxXwJFVfn3IPr5bKj2pPZzwh+fwQ
	+AHPtcQpDM+I6EQ4NODyLjEMwPDt6Df0ni4YO19I5
X-Gm-Gg: AY/fxX5u6TAiwk7Ezl4LtCSFYUlVlxQcN2Y6uqYTXs+4ON7gORiJHFpwRh/wjvMZyTG
	HqespxREe2gaRSVctt0JiE1tAFGLQoQDpjwT8c2tfY2epPkyP2AQ9MwDrJNVNmDbVh6DkXo1sP3
	tE22xPQ0exo932Oo2tAWqH0vTDHx5II3IbFqhcMm8dXRBFD5l21oFolezubsYE/ViDaTOlfM4HV
	QEIdJIwWSk7/5Yw9Ui644upMamWTdyocGR8veY7vPMkJfup3LZ6KKfxZsCAPH5cbWFZCn5/Vw==
X-Google-Smtp-Source: AGHT+IGgH/Mf1Eb63i+3ogWL7Xq7wM+DhpVcUWAgu8VJDwla1WIw+pzj+2VWNmCeAgSf3TEylWcbxGhmeIjtMPA9Vzg=
X-Received: by 2002:a05:6214:2f02:b0:882:3b63:f7f5 with SMTP id
 6a1803df08f44-89075eb8675mr9825906d6.41.1767639197478; Mon, 05 Jan 2026
 10:53:17 -0800 (PST)
MIME-Version: 1.0
References: <CAN4CZFM3b8u5uNNNsY6XCya257u+Dofms3su9f11iMCxvCacag@mail.gmail.com>
 <CAE2r8H55geNFtECuFunpgn0LJK2+rntGuTeqNr6mP7gGhWFRbA@mail.gmail.com>
 <CAN4CZFP_2fe2-18wUoXDZodV8suVe9o++pv=hP8KxxvWkmCx7A@mail.gmail.com>
 <CAOYmi+kMuA7t9ao6rWZ=5kn_Zmd7qtwOay_ocEBXwkzKWbefhQ@mail.gmail.com>
 <CAE2r8H439jg+e5gXJpNNMoroe4CfWauDRfUBZC_9NUNTOhqzBQ@mail.gmail.com>
 <CAN4CZFN9RMF_79kx75SkQZezd91DocUzz89bJeBJrMO=uNuG2w@mail.gmail.com>
 <CAOYmi+krPZDC8K+9z64M2EY9fELTKzLbqw8fD_wK=87YV+TBgw@mail.gmail.com>
 <CAN4CZFPvjAt+eZJd=Rxp=yXRjva8CpJ_BbnF=vQW6uXCqfrjEg@mail.gmail.com>
 <CAOYmi+nbCrvcE9wLQdNCgMwDbbi_UzGYrzfC54txmMBJ9KxO=Q@mail.gmail.com> <CAN4CZFNywvG59B+nBgD1_1fHE2uODBH3EcF_gwLmC7Y5U6Ru4Q@mail.gmail.com>
In-Reply-To: <CAN4CZFNywvG59B+nBgD1_1fHE2uODBH3EcF_gwLmC7Y5U6Ru4Q@mail.gmail.com>
From: Jacob Champion <jacob.champion@enterprisedb.com>
Date: Mon, 5 Jan 2026 10:53:06 -0800
X-Gm-Features: AQt7F2oaL8m97-nhMRYauQKc-E3we_O_7-eyPk0B1XqJZFOIOJZwVYw0yRsh-hA
Message-ID: <CAOYmi+=-OdzHMzqg9i8TwYvgKwE-vroj0d-9SqnRnwbz02SgTg@mail.gmail.com>
Subject: Re: Custom oauth validator options
To: Zsolt Parragi <zsolt.parragi@percona.com>
Cc: VASUKI M <vasukianand0119@gmail.com>, 
	PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>, david.g.johnston@gmail.com, 
	Robert Haas <robertmhaas@gmail.com>, myon@debian.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: <https://www.postgresql.org/message-id/CAOYmi%2B%3D-OdzHMzqg9i8TwYvgKwE-vroj0d-9SqnRnwbz02SgTg%40mail.gmail.com>
Precedence: bulk

On Thu, Dec 18, 2025 at 12:29=E2=80=AFPM Zsolt Parragi
<zsolt.parragi@percona.com> wrote:
>
> > I think I need to do more staring at the intersection of GUC
> > registration and session_preload_libraries, because my memory of the
> > order of operations was faulty. I won't be able to do that before the
> > holidays, most likely.
>
> Maybe I'm missing something, but why do we need
> session_preload_libraries?

Well, how do you want "global" GUCs registered by the validator to
behave when OAuth isn't used for the connection?

> The question is if non-validator libraries should be able to define
> PGC_HBA variables.

I think we should try for that, yeah. Otherwise I suspect considerable
pushback on the idea of modifying the GucContext enum for something
that can only be used by OAuth.

> * require session_preload_libraries. We proceed with authentication
> even with unresolved HBA variables, but abort the connection if there
> are still unknown parameters after loading session preload.

Of those choices, this _seems_ nicest. It'd be good to get a feel for
how it behaves in practice though.

Thanks,
--Jacob