From: Jacob Champion
Date: Wed, 17 Dec 2025 10:27:44 -0800
Subject: Re: Custom oauth validator options
To: VASUKI M
Cc: Zsolt Parragi, PostgreSQL Hackers, david.g.johnston@gmail.com, Robert Haas, myon@debian.org

On Tue, Dec 16, 2025 at 10:30 PM VASUKI M wrote:
> Overall, +1 that this limitation is real and worth discussing. I'll plan to send a patch shortly exploring option (b).

Thanks!

> Reg very long HBA lines: totally agree this is a real readability issue, but allowing per-line includes or external file feels like a separate (and much bigger) topic, probably best tackled independently.

I forgot to mention in my reply to Zsolt, but we've supported inline inclusions in HBA for a few releases now. (I just frequently forget they exist.)

pg_hba.conf:
    hostssl all all 0.0.0.0/0 oauth @oauth-settings.conf

oauth-settings.conf:
    issuer=https://oauth.example.org/v2
    scope="openid email let-me-into-pg"
    validator=example_org
    map=examplemap

And for smaller annoyances, you can wrap lines with backslash continuation.

I haven't used these new features much, since I forget they exist, so if there are usability problems in practice please say something so we can fix it.

--Jacob
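
An added illustration, not part of the original message and not PostgreSQL's own parser: a simplified Python model of how a backslash-wrapped rule and the `@oauth-settings.conf` inclusion collapse into one effective rule, useful when reviewing what an HBA entry actually authorizes. The file contents are constructed from the message's example; the function names are hypothetical, and the model assumes CIDR-style addresses and inclusions only in the options position.

```python
import re

# Constructed sample files mirroring the message's example (held in memory, not read from disk).
FILES = {
    "pg_hba.conf": (
        "# TYPE  DATABASE USER ADDRESS METHOD OPTIONS\n"
        "hostssl all all 0.0.0.0/0 \\\n"
        "    oauth @oauth-settings.conf\n"
    ),
    "oauth-settings.conf": (
        "issuer=https://oauth.example.org/v2\n"
        'scope="openid email let-me-into-pg"\n'
        "validator=example_org\n"
        "map=examplemap\n"
    ),
}

# A token is a run of non-blank characters and "quoted segments"; '#' starts a comment.
TOKEN = re.compile(r'(?:[^\s"#]|"[^"]*")+|#.*')
MAX_DEPTH = 10  # assumption: arbitrary guard against include loops


def tokenize(text, files, depth=0):
    """Return tokens with continuations joined, comments dropped, @file expanded."""
    if depth > MAX_DEPTH:
        raise ValueError("include nesting too deep")
    out = []
    for raw in TOKEN.findall(text.replace("\\\n", "")):
        if raw.startswith("#"):
            continue
        if raw.startswith("@") and len(raw) > 1:  # unquoted @name: inline inclusion
            out += tokenize(files[raw[1:]], files, depth + 1)
        else:
            out.append(raw.replace('"', ""))
    return out


def effective_rules(name, files):
    """One dict per rule, with options gathered after inclusions are expanded."""
    rules = []
    for line in files[name].replace("\\\n", "").splitlines():
        tok = tokenize(line, files)
        if not tok:
            continue
        fixed = 4 if tok[0] == "local" else 5  # local rules have no address field
        opts = dict(t.split("=", 1) for t in tok[fixed:])
        rules.append({"type": tok[0], "method": tok[fixed - 1], "options": opts})
    return rules
```
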