Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1w7z4z-00068t-2g
	for pgsql-hackers@arkaria.postgresql.org;
	Wed, 01 Apr 2026 17:10:10 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1w7z4w-001b6i-3A
	for pgsql-hackers@arkaria.postgresql.org;
	Wed, 01 Apr 2026 17:10:07 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <jacob.champion@enterprisedb.com>)
	id 1w7z4w-001b6a-2I
	for pgsql-hackers@lists.postgresql.org;
	Wed, 01 Apr 2026 17:10:07 +0000
Received: from mail-qv1-xf33.google.com ([2607:f8b0:4864:20::f33])
	by magus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.98.2)
	(envelope-from <jacob.champion@enterprisedb.com>)
	id 1w7z4t-0000000031a-1yAt
	for pgsql-hackers@lists.postgresql.org;
	Wed, 01 Apr 2026 17:10:05 +0000
Received: by mail-qv1-xf33.google.com with SMTP id
 6a1803df08f44-899d6b7b073so88694876d6.2
        for <pgsql-hackers@lists.postgresql.org>;
 Wed, 01 Apr 2026 10:10:02 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1775063401; cv=none;
        d=google.com; s=arc-20240605;
        b=VK6DmfeRyd3NikOneawc3if/D4pFKrwkC1og5ammoum3JbGtdwPq474pa4pwDS/n0x
         hK3Dm2nkyNL8D1sHOklX5k+meIhiSctOMKe7RFPdrAzw4dUkiUwFi0GBCMkuwKJUd1+R
         E0zZet+hJRCOnmczWznR/m0gddtUeu0mIxtEhH9ZMjd9sfzR2t+awT4Z9ggD1N5AHcyY
         f7xox1PoQ3afNy7IVwIj0vBXw2vdmIMAVEt0dLvbXgfr6K+/ohhI/JFpVcMBo278NPdw
         bNeoGDHkf6UyatnFWslTkyeb5lRMh1adAHrOsWdRkpHD29R8oGzjOGAKk1P3bn+o1/5U
         fp6A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=ASKLdkqL4i/l5wgidXUZ6KUcsZynojiAx2gruBj0Ruo=;
        fh=Uhl2MTexsexFzR1+X600UgWow4h7Z8f6vT6XJ84cwSU=;
        b=ARXYLhs2zflUluodh9WGH58CrlvujlS+kcsAIG8a5a+2/4wS04l2ShIeNkubPHZ5HM
         VZ/ouh4o9M6+aQQdSc675ukJBrTzbvnEgQ9GVBjcVTtymaXo1PuS7Bf6+XFBxU3MBz3l
         +yLoDeT8dgk+YJgyaYxKnccqdXsTsbs9mC8o6yArQablMWYz2lITwPxYahYT23ER0RAD
         Ir9JlcbiliLBq2BbrkdeBweBfjIg44Rg/iVDPuHdP0IuQh/iWz7CeGH4sjuv1FhRSIC7
         TrCqRwwlfdn1G8/Gif1uUzOOTiSQoVbikFsVWOW55dDzOx59LqIzeqvgk7bct3aCRtjq
         zasw==;
        darn=lists.postgresql.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=enterprisedb.com; s=google; t=1775063401; x=1775668201;
 darn=lists.postgresql.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=ASKLdkqL4i/l5wgidXUZ6KUcsZynojiAx2gruBj0Ruo=;
        b=kHpQ2zBd0mLV4AnuX1o4NK/5I433VDpXtZSsE1epiicNDuoy9WqIKZDZtg/CX3A9h5
         Til9jjYoSb/OJHXyW0pgdOW7umqocWu8CBZlr1E5YohXfHf/ryQ3lkrmn8pp1SSepy19
         IQJHPJvaFe3/XWVA9nJV2JT4Z/NOJsJY64ju1SWMLFiiKl7qKCBYI0ZZGYcolYQtO4BG
         Hse+JM64RWDEepRcIL8T356ZMUv4jEGJYTfRTj15gRIkk0SmVnHwnuBaYKxnUKfZeoVF
         lqLHkCdgw9ldc2gvCrcSaa4MflExnd5Z9hPOTpM0UrAyIZqKbsE8pG6eclUotPBp14Lg
         kvKA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1775063401; x=1775668201;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=ASKLdkqL4i/l5wgidXUZ6KUcsZynojiAx2gruBj0Ruo=;
        b=lKusA370R6h4fdFpR4jQPboQYNnBCI9EgOYFXv5srwT26yuqwcTFaZW0sguRIemLSi
         i44i3gQE2ZiQmDiYZd/1yKWwnaAkc+eVQwnfL0zOOWz6X4VfR/HlXBeHmvrLSy1CZ/c9
         ai0TGTAlKQSkwnlnohA7p48ZGnkc0IovEijpYNm1qguBO7mtC+rTo1XXD65wa87e4mWP
         GiiTBfThO/HYQIce7Tzc7WJ5t/HaJydaV4XPqaF8qEkU482Yn+RM1b9rRG+v4pWEwPFj
         +2UNOhk/C9jTSe1HtOfeArx9lAz6jhEThfd0eDUy1Bo9bB+qhMlKkFmG+u78n0vtJo2U
         ZFmw==
X-Gm-Message-State: AOJu0YwxiI27CxoanFBi1WsMjD1UTqY/tsFOJn8B4qb6DCSKgu5Ex4tH
	QpFfk8OqROCcHGDQElbMVGUOEyr3Y+aUKOlEWPvfYmYKdOoqiWdO7HHLbitzJsjvMgjy1ks0t+6
	urjKJeTRBp2Xquk7u3H9f3/wJavZupYcqVd3kDYWRZxjOis29FWEPJQ==
X-Gm-Gg: ATEYQzw6BA7YN5aUBnfndq4nGveSyB+inRVihEt+y6LK2iVanU362l+8rfVRNyW43x2
	L75Y3BbuDMuuatlts0G3yOTckOo++QKnx4HfNM7Snm/rFsmG0Slsc+kzvWIGn3SMarAPOK7jnYl
	+4nEHXflKxn+0OTXq6zm0DkDyGunOf1jV84jJEJKJ40t8i11xOdSKwzErVQLiGgG4NLUHetRcEE
	82lC2gFBNFsuMxhabz6+1dHKZFXr/v7O98LK+2q/Ox+04zsuMQHiVOvUT3PLGJN/5UCbELL7S2p
	hBFee/DCug==
X-Received: by 2002:a05:6214:212b:b0:89c:ae4c:39c5 with SMTP id
 6a1803df08f44-8a43681a0b7mr70471426d6.11.1775063400879; Wed, 01 Apr 2026
 10:10:00 -0700 (PDT)
MIME-Version: 1.0
References: 
 <CAN4CZFMmDZMH56O9vb_g7vHqAk8ryWFxBMV19C39PFghENg8kA@mail.gmail.com>
 <CAOYmi+k_et3yXpJ8op71-95j7OYg-kX5bWLgW9YTV_5G7f+O1A@mail.gmail.com>
 <CAOYmi+kivcSnazEJA=KWknd3azGYnU3mMq9SUvht5Zq74qNcYQ@mail.gmail.com>
 <CAN4CZFMKCB2OXPGW0R_hCSu4Gg==B7dBSrv6Mf-YuFcrUncADg@mail.gmail.com>
 <CAOYmi+kCYZ3YiOu+oSv1gVW6LXQaNg4BcEpskYizWgfV1z12kA@mail.gmail.com>
 <CAN4CZFPNL4xuNAwmD1-TUR-z+C84axb+cdhip26k3YBFYo9r1g@mail.gmail.com>
In-Reply-To: 
 <CAN4CZFPNL4xuNAwmD1-TUR-z+C84axb+cdhip26k3YBFYo9r1g@mail.gmail.com>
From: Jacob Champion <jacob.champion@enterprisedb.com>
Date: Wed, 1 Apr 2026 10:09:48 -0700
X-Gm-Features: AQROBzBRMPJd1GFRKmtSXUEzO0GoU-kkBovHeTOedsyxYeoFuv3boS9UE1q0004
Message-ID: 
 <CAOYmi+mN2OeFotwLKwwSDAuXHJ6xmrn3AtkUoHRcfAEENSFbMA@mail.gmail.com>
Subject: Re: [oauth] Split and extend PGOAUTHDEBUG
To: Zsolt Parragi <zsolt.parragi@percona.com>
Cc: PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: 
 <https://www.postgresql.org/message-id/CAOYmi%2BmN2OeFotwLKwwSDAuXHJ6xmrn3AtkUoHRcfAEENSFbMA%40mail.gmail.com>
Precedence: bulk

On Wed, Apr 1, 2026 at 2:35=E2=80=AFAM Zsolt Parragi <zsolt.parragi@percona=
.com> wrote:
> +/* all safe and unsafe flags, for the legacy UNSAFE behavior */
> +#define OAUTHDEBUG_UNSAFE_ALL ((uint32) ~0)
>
> The name of this variable is a bit confusing, it's not only about
> unsafe settings. I understand why you added the unsafe to it, but
> before checking the value/comment I thought this will be the bitmask
> of all unsafe options.

I agree.

> On the other hand I don't have a better idea
> other than simply using ALL.

OAUTHDEBUG_LEGACY_UNSAFE?

> +oauth_get_debug_flags(void)
> +{
> + uint32 flags =3D 0;
> + const char *env =3D getenv("PGOAUTHDEBUG");
> ...
>
> One of the reasons why I implemented this in a C file is because I
> wanted to avoid reparsing and warning spam/duplication.

I think I'm missing something; how does the choice of .c/.h change
things? There's no static tracking in v1 of the patchset (nor should
there be without locking or atomics, which is not maintenance I really
want to introduce for a debug feature).

> Reparsing
> shouldn't be a major issue since this is a debug feature, but this
> approach causes a warning to print twice in a few corner cases.

Which new corner cases? v1 also prints duplicates (e.g. with
`UNSAFE:blah,http`). I didn't intend to introduce any new calls to
oauth_get_debug_flags() over those already done in v1/v2; if I did
that's a bug.

--Jacob