Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1w6Fbu-0046ev-1E for pgsql-hackers@arkaria.postgresql.org; Fri, 27 Mar 2026 22:24:58 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1w6Fbs-00CVuK-1C for pgsql-hackers@arkaria.postgresql.org; Fri, 27 Mar 2026 22:24:56 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1w6Fbs-00CVuB-0H for pgsql-hackers@lists.postgresql.org; Fri, 27 Mar 2026 22:24:56 +0000 Received: from smtp.outgoing.loopia.se ([93.188.3.37]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.98.2) (envelope-from ) id 1w6Fbq-00000001Ot2-0eQt for pgsql-hackers@lists.postgresql.org; Fri, 27 Mar 2026 22:24:55 +0000 Received: from s807.loopia.se (localhost [127.0.0.1]) by s807.loopia.se (Postfix) with ESMTP id B5D4D58488B for ; Fri, 27 Mar 2026 23:24:51 +0100 (CET) Received: from s980.loopia.se (unknown [172.22.191.6]) by s807.loopia.se (Postfix) with ESMTP id A2255582670; Fri, 27 Mar 2026 23:24:51 +0100 (CET) Received: from localhost (unknown [172.22.191.6]) by s980.loopia.se (Postfix) with ESMTP id 9F7652201639; Fri, 27 Mar 2026 23:24:51 +0100 (CET) X-Virus-Scanned: amavis at amavis.loopia.se X-Spam-Flag: NO X-Spam-Score: -1.2 X-Spam-Level: X-Spam-Status: No, score=-1.2 tagged_above=-999 required=6.2 tests=[ALL_TRUSTED=-1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1] autolearn=disabled Authentication-Results: s473.loopia.se (amavis); dkim=pass (2048-bit key) header.d=yesql.se Received: from s899.loopia.se ([172.22.191.5]) by localhost (s473.loopia.se [172.22.190.13]) (amavis, port 10024) with LMTP id iccvCEZfleRA; Fri, 27 Mar 2026 23:24:51 +0100 (CET) X-Loopia-Auth: user X-Loopia-User: daniel@yesql.se X-Loopia-Originating-IP: 89.255.232.236 Received: from smtpclient.apple (customer-89-255-232-236.stosn.net [89.255.232.236]) (Authenticated sender: daniel@yesql.se) by s899.loopia.se (Postfix) with ESMTPSA id CC3AC2C8BA86; Fri, 27 Mar 2026 23:24:50 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yesql.se; s=loopiadkim1707475645; t=1774650290; bh=W0i4WTh7UF//L/svXhYzHz40OFF0ws9L/9MsW080VuA=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=Bosdo4DilQ4TWtSCTayYTy6RCGnvRv4NlNu0SCOQcEAZJkeAoO3K7MERIMsfFTq9a LnRB0Hdh0eugA9zxgF8bWGb/v5l3/b/OlSmRPyRHQM17UQVslLnUflU8SjSibhjAc8 IvvSwK1Tz8SQCbSZihG+hXPh9kqnaT65h1+2t2P0zwNUeWGoPjke/wIjFvQg2rSBMX xzdJWUTc9QC+ZGL64lc2/lpDH1lOr56A7A5rnVRgM5i9v5yhwaWSOJIW/SsRDwMYRm ra/Bk1dxbJyqUnzSTYgR8KGSSXYRFFxCsiSWrPn1Z8/Dq48liZ9ya5ZyfKdvppcLI+ ADNu10Nt3mcjA== Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3776.700.51.11.2\)) Subject: Re: unclear OAuth error message From: Daniel Gustafsson In-Reply-To: Date: Fri, 27 Mar 2026 23:24:40 +0100 Cc: Zsolt Parragi , =?utf-8?Q?=C3=81lvaro_Herrera?= , Pg Hackers Content-Transfer-Encoding: quoted-printable Message-Id: References: <202601241015.y5uvxd7oxnfs@alvherre.pgsql> To: Jacob Champion X-Mailer: Apple Mail (2.3776.700.51.11.2) List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk > On 27 Mar 2026, at 18:01, Jacob Champion = wrote: >=20 > On Mon, Mar 23, 2026 at 2:21=E2=80=AFPM Zsolt Parragi = wrote: >> Isn't including the detail for both the warning and the fatal error >> still overly verbose? >=20 > I'm not too worried about verbosity for an internal error situation; > users shouldn't see it. If they do, I don't mind being very loud about > whose fault it is. >=20 > (I'm also influenced by some recent support work on clusters that have > huge log volumes. If someone is focused on the internal error, they > should be able to see at a glance what caused that error, and if > someone is focused on the authentication failure, they should be able > to see at a glance what caused that. The more logs you have to > correlate in a "help! no one can log in" panic situation, the less > likely you are to succeed.) Agreed. >> Shouldn't the oauth code include a sanity check to ensure validators >> return no error_detail on success instead of silently ignoring it? >=20 > IMO, no. I don't want error_detail to add semantics to the API, just > descriptive power. Plus, I think a design that sets a possible error > message before entering a complex operation, knowing that it will be > ignored on success, is perfectly valid. libpq-oauth, and to a lesser > extent libpq, make use of that pattern. Callsites can also clear the error message on success and not even rely = on it being ignored. + * This string may be either of static duration or palloc'd. + */ + char *error_detail; I'm not a big fan of "either static or allocated" and prefer if we just = require one or the other. We have this pattern in other places so it's not a = blocker for going it, but. -- Daniel Gustafsson