Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1w6AZb-0041TS-2J
	for pgsql-hackers@arkaria.postgresql.org;
	Fri, 27 Mar 2026 17:02:15 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1w6AZa-00AuMG-0k
	for pgsql-hackers@arkaria.postgresql.org;
	Fri, 27 Mar 2026 17:02:14 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <jacob.champion@enterprisedb.com>)
	id 1w6AZZ-00AuLx-2y
	for pgsql-hackers@lists.postgresql.org;
	Fri, 27 Mar 2026 17:02:14 +0000
Received: from mail-ot1-x331.google.com ([2607:f8b0:4864:20::331])
	by makus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.98.2)
	(envelope-from <jacob.champion@enterprisedb.com>)
	id 1w6AZY-00000001Loc-0z2Y
	for pgsql-hackers@lists.postgresql.org;
	Fri, 27 Mar 2026 17:02:13 +0000
Received: by mail-ot1-x331.google.com with SMTP id
 46e09a7af769-7d75ed779bfso2199639a34.2
        for <pgsql-hackers@lists.postgresql.org>;
 Fri, 27 Mar 2026 10:02:12 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1774630931; cv=none;
        d=google.com; s=arc-20240605;
        b=DBg4hBBvP7KMT+S4gOQOPzJ5k1Pu+irn9ijnw+q4WcwasMWclvkAsS5dix4R8a0Uy2
         J5dNITxQEI/HK6cWgL9XlL4uN+dH7ZaV1BnnGBrF/xj1pm4WyJ6Keg9e/Z7Vm3Az8rQm
         7iQAHbFj3CqLsqXTH7OlBa/0PV6SB39xVBorOsy4YlxJbawKYn14iXujkuC1oVC+sTeP
         LrJqhRjd89qDQxoeRZ4F+JP0h1HqBoO0J3VWwOYMHINQE+jeh4xIyJhlTy2YdSuqdhou
         P8i+IkeUrEnA+VDMbLQw//ZggmG7B7oA1FpY56yrYeZei4cis8FUPtF19GVagM/CwbUe
         RyVg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=6IFl8uB9qN6g4/lnm65iyRQ+Wps1o4zeYGXnDv4RvRQ=;
        fh=cdzI04tLufpgt6onbc35Bk5SAzq4cfu3zofGS55DNI0=;
        b=kOSRWTcnHJhjR3bWSnSfmYZA2fHJa5FeSyRM+ePp9xjVVtS3jaO/VbMh+KGNyOadiw
         pousCagz/qm4vuyM7rU03R5FPwfWroTM5718M7SpseXIKCFxR81L33efPsVRIlfgmImB
         LWECh11tK3ZieCViv6eYuoxS3/IIAc/vWIR2MK6sv8y2J11ax8MOIavUi12PqLTk5v45
         TExqBlnqtwcnqEz++WiaCORLTqhoU63UkeTIpRN35frbCnTos7MP2XmlGHhKHO+Sq7h3
         TeykTo1Pf8EeTtbsptFm3wiRFSzTciWy4UeSKNoa0RCria2HCpXxm6n1EBO9gJ9Bi/vx
         1Z7g==;
        darn=lists.postgresql.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=enterprisedb.com; s=google; t=1774630931; x=1775235731;
 darn=lists.postgresql.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=6IFl8uB9qN6g4/lnm65iyRQ+Wps1o4zeYGXnDv4RvRQ=;
        b=hmjeyNlIYxjw63lh5QW26hxFbSPzvJx8cs7g3XAx6GEyPAVdwiFOHdocyPduylaGfJ
         rV9SUYMaWWl+v1SOr85oKM71S2h8m8m+pWeOsSiGMkJxk0o1s2awLeU7fHBLoOY/jKmx
         CQ4PaxclZjvq5951Ez8uhn7aedEdc0Vnnamcx4jWkrN0pWhbSnLiqvqoqv5kMY6dGJkG
         Pwc5K5WAfcwS72tNyr9CXzMOTwd5DHCJ0MsirETLT2Zu4PKS3vB41ZZmblwq9TJfdPPE
         ctmSSjDdliDne4otbys5vqRsDS8XYOWNV+Q30rjyZqYL6OQ2WOn2ObJVcpn/2KV7kGN+
         dByA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1774630931; x=1775235731;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=6IFl8uB9qN6g4/lnm65iyRQ+Wps1o4zeYGXnDv4RvRQ=;
        b=jXojNq0XI7jy/RljU9HERqKS6+HI6bkAieiVlsTHRAeZyqPxty4QM+D1cAEY6qGXtX
         bgM/jgTxStTqbEk7TyrcOH0Bt2Jc6iVaAunj2Q+0PbNwIEmZGfsQkNkxe2lQXijNIRUv
         PHx/+NTBdM53buWHMacHaIEf8WlsEl7pKaOIew84SuXoNVESzrx+yP0E201lfJTmwPUU
         3p2cS8DovtOenvjo9wVM1mTqFZ+GsF9HAzxb7g4UDt0037zLL7eaJWaAIBHvgnwvBPwu
         43jA5AzeeAKXV5QsYStO5DrqAnZKXtRj3vg5nJ4WHDLCZfQmRhaR9LHDjmGEayi8vDKy
         xbVg==
X-Forwarded-Encrypted: i=1;
 AJvYcCWK+3qDZr3o+/fm6JaoFBSVWTNd0Grv4Y//nCm08TXIlvCzC8TGkzWerNjqcPebq6IfxtB1IBzq0UtmUxTz@lists.postgresql.org
X-Gm-Message-State: AOJu0YzGw9AoPRCo2zOI7L5s7uWHVg5tmPE47m+rm6VJZUKRQ7CUQNqf
	GFRDBfDVsm076cMV9FNvppEKF0cok0n3sQ5XSBvpsib+usyNVyNmVTpRGF+q6q9UAW35KuE1Y70
	iFVjrbbUofUpSTL72KuAQ9D4JqpLs5V4s8XucLdVT6hvFwPTt0C4JoQ==
X-Gm-Gg: ATEYQzxYKbXxe+UHNuZpNoiqQsTYrKuvU9AO63ZDMXyhTFr3KCtFXiu4/OfOAT9m1Kb
	tM2oQNQhkMdZTDrMUtFIwAa2eTut80vL9+nYIBEqiRCdlfBLlVohJsIox7rSILw2MO4sd9TNydS
	iUrVG3iVFWtzHwyqej5UxxSRKrQoau4Vz7U3feX4TTKrbCsVO+Vw83T3ISgbe18eArv3hxBt3tA
	3x4noOCn8yjdga2Gi0k4TeyobVC5qgn4o8OnNMBfid4HUKjNFpBCWbPrpYkagCCjwkc5r5+nOn4
	uwyl4ArO2Q==
X-Received: by 2002:a05:6830:700d:b0:7d7:cea3:6d89 with SMTP id
 46e09a7af769-7d9fad9a1d2mr1831991a34.4.1774630931337; Fri, 27 Mar 2026
 10:02:11 -0700 (PDT)
MIME-Version: 1.0
References: <202601241015.y5uvxd7oxnfs@alvherre.pgsql>
 <CAOYmi+kLmjJmtmkKs1mWcmNFsgQWsY8ajRhctsrmeVy-y6OKFw@mail.gmail.com>
 <CAOYmi+naxE5os6dSPpVp-=ip=xv_dfmtypOOjzEfreA2KgVPTA@mail.gmail.com>
 <CAOYmi+kCD3GmTZMQKC=zXZb10SpVX3FpztUZaqMwZ5BJr-G=tg@mail.gmail.com>
 <CAN4CZFOXdgVT-HQQvjQVushcQtiBovcrLz4ohLtkCKXBWgN_VA@mail.gmail.com>
In-Reply-To: 
 <CAN4CZFOXdgVT-HQQvjQVushcQtiBovcrLz4ohLtkCKXBWgN_VA@mail.gmail.com>
From: Jacob Champion <jacob.champion@enterprisedb.com>
Date: Fri, 27 Mar 2026 10:01:59 -0700
X-Gm-Features: AQROBzBMOweI9V_xwpvnDMEqnk4nM3NyRSgIfZg6Olb2TyODUrfsSCvCfirAY0Q
Message-ID: 
 <CAOYmi+mxcvtJ9QJhxd4SbYHk=+L9r3VrK0xJ1DsM+H3pFFUtGg@mail.gmail.com>
Subject: Re: unclear OAuth error message
To: Zsolt Parragi <zsolt.parragi@percona.com>
Cc: =?UTF-8?Q?=C3=81lvaro_Herrera?= <alvherre@kurilemu.de>,
	Pg Hackers <pgsql-hackers@lists.postgresql.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: 
 <https://www.postgresql.org/message-id/CAOYmi%2BmxcvtJ9QJhxd4SbYHk%3D%2BL9r3VrK0xJ1DsM%2BH3pFFUtGg%40mail.gmail.com>
Precedence: bulk

On Mon, Mar 23, 2026 at 2:21=E2=80=AFPM Zsolt Parragi <zsolt.parragi@percon=
a.com> wrote:
> Isn't including the detail for both the warning and the fatal error
> still overly verbose?

I'm not too worried about verbosity for an internal error situation;
users shouldn't see it. If they do, I don't mind being very loud about
whose fault it is.

(I'm also influenced by some recent support work on clusters that have
huge log volumes. If someone is focused on the internal error, they
should be able to see at a glance what caused that error, and if
someone is focused on the authentication failure, they should be able
to see at a glance what caused that. The more logs you have to
correlate in a "help! no one can log in" panic situation, the less
likely you are to succeed.)

> Shouldn't the oauth code include a sanity check to ensure validators
> return no error_detail on success instead of silently ignoring it?

IMO, no. I don't want error_detail to add semantics to the API, just
descriptive power. Plus, I think a design that sets a possible error
message before entering a complex operation, knowing that it will be
ignored on success, is perfectly valid. libpq-oauth, and to a lesser
extent libpq, make use of that pattern.

--Jacob