public inbox for [email protected]
help / color / mirror / Atom feedFrom: Jacob Champion <[email protected]>
To: Zsolt Parragi <[email protected]>
Cc: Chao Li <[email protected]>
Cc: Andrey Borodin <[email protected]>
Cc: Daniel Gustafsson <[email protected]>
Cc: PostgreSQL Hackers <[email protected]>
Cc: Michael Paquier <[email protected]>
Cc: Tom Lane <[email protected]>
Subject: Re: Improve OAuth discovery logging
Date: Fri, 20 Mar 2026 11:14:10 -0700
Message-ID: <CAOYmi+mw0ss04usMi-ShJPdAi9tmF=aO6SyM8qrtd8WfZsS7ag@mail.gmail.com> (raw)
In-Reply-To: <CAN4CZFO-asVDRLBXKZpbYeQh1dKKVHR6i_oHSrbuzfBu0v1Cyw@mail.gmail.com>
References: <CAN4CZFPim7hUiyb7daNKQPSZ8CvQRBGkVhbvED7yZi8VktSn4Q@mail.gmail.com>
<[email protected]>
<CAN4CZFNNfhFCQdFWui5HWbQR60eM-cyndZ7YgSv7b5SKxB9C2A@mail.gmail.com>
<CAOYmi+mDSmh6RNizHRmMAwg4ZP2W=uai3Fr3-wm186NMypf_Pg@mail.gmail.com>
<CAN4CZFNJftK8NaREYaLi-wqpEz3=crQ=1+3f_XUVji=aOrDSWA@mail.gmail.com>
<[email protected]>
<CAOYmi+kjtmRMBdBU3_bGKGDoRSK2AErXbGtHkAjFRapcQNmjhA@mail.gmail.com>
<CAN4CZFNWBXtF-ML3yzdOvX3QEuUwVo5VrBzyWU3O=y-7SeDstA@mail.gmail.com>
<[email protected]>
<CAN4CZFNscs=hiOkRJYF39r7AD7ef9+MR+O2BQdEtE_2Ajdo5qw@mail.gmail.com>
<CAOYmi+nVzkoLjzNk_58e0NnUPi9uVXwmurK2QP6CzC2WOpqwbg@mail.gmail.com>
<CAN4CZFPjiUQbKo2q+ovs--AHkjvaE8OJyncB9xu5b+1gp=HHPQ@mail.gmail.com>
<CAOYmi+=SR_nJJBh7UXZzK8Zbs21L2RUNkW3d9aPRkQOHj1bBPA@mail.gmail.com>
<CAN4CZFO7ju7fjjv+qwObP8_V-Tdx463zV8F7u_s6wtg9ANVWVg@mail.gmail.com>
<CAOYmi+kEYA0Tp2son-+Ti1wvSAPov87AVFf4qXATTOHRX1F2gg@mail.gmail.com>
<CAN4CZFOmym1BaV_U2V56aOyRp2JMrw5nfn6kwcAEcu_RWK-F3Q@mail.gmail.com>
<[email protected]>
<CAN4CZFN7u1kX3_0cfyVvtfiWpORxnvZo=xCr9Ag-F5Onp-hpbA@mail.gmail.com>
<[email protected]>
<CAOYmi+kxfGEKw7frQPxWYEA6Qe4BLc683UCNPTYCLdCCV0b4Jw@mail.gmail.com>
<CAN4CZFP--Ec8hMgpu7JojgK9qS08bNnev0c6goA++T4Ozy8bOQ@mail.gmail.com>
<CAOYmi+nsK1dSXaB+oicoyA6kM9ymygCLhSiKtkg1ph_P1uhYOQ@mail.gmail.com>
<[email protected]>
<CAN4CZFOwmgyv1002=EZTSM__97gX-1fG0Q3Q4Zy=XviVtZPRxg@mail.gmail.com>
<CAOYmi+=y=iAQ11E6jpUzOKsP8ARVK7g5=etaE3RsrtetFTN-+w@mail.gmail.com>
<CAN4CZFO-asVDRLBXKZpbYeQh1dKKVHR6i_oHSrbuzfBu0v1Cyw@mail.gmail.com>
On Tue, Mar 17, 2026 at 2:19 PM Zsolt Parragi <[email protected]> wrote:
> > That's not really true, because the caller hardcodes the mechanism
> > descriptor.
>
> I meant that the caller shouldn't depend on the implementation details
> of the mechanism. The abandoned comment says that '"Abandoned" is a
> SASL-specific state similar to STATUS_EOF ...', yet later it also
> depends on an implementation detail of which sasl mechanism actually
> use it.
I don't disagree, I'm just trying to point out that this coupling is
already part of CheckSASLAuth. See e.g. the handling of shadow_pass.
(I'm not very worried about this, because we're free to improve this
API at any time, and there are only two callers. Michael was very
receptive to prefactoring patches here prior to the addition of
OAUTHBEARER, and I expect we'll continue to refactor it if/when more
mechanisms show up. It's just hard to pull a general interface out of
two mechanisms as dissimilar as SCRAM and OAuth.)
> The patch is also good as-is, all these comments in the last few
> messages are just very minor details, I probably spent way too much
> time thinging about how to make this not oauth specific in the generic
> part of the code.
I appreciate the review!
I'm not in a rush to get this patch pushed, and I want to give Michael
ample time to weigh in. (Personally, I don't think anyone is likely to
argue against the behavior change here, only against how it's being
done. We have alternative implementations available if there are
strong opinions late in the cycle. So I feel pretty confident we can
land a fix for 19.)
Thanks,
--Jacob
view thread (26+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: Improve OAuth discovery logging
In-Reply-To: <CAOYmi+mw0ss04usMi-ShJPdAi9tmF=aO6SyM8qrtd8WfZsS7ag@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox