From: Jacob Champion
Date: Thu, 18 Dec 2025 09:27:22 -0800
Subject: Re: Custom oauth validator options
To: Zsolt Parragi
Cc: VASUKI M, PostgreSQL Hackers, david.g.johnston@gmail.com, Robert Haas, myon@debian.org

On Thu, Dec 18, 2025 at 1:08 AM Zsolt Parragi wrote:
> It however requires shared_preload_libraries (that is common
> for all options), maybe oauth_validator_libraries could imply that?

Haven't looked at the patch yet, but I think most people probably want
to use session_preload_libraries, not shared_preload_libraries, so
that a security update to their validator doesn't require a restart of
the cluster. If a particular validator implementation requires shared
preload, so be it; but I don't think we want to force it. Might be
more reason to look into the GUC system?

--Jacob