pgsql: doc: Clarify OAuth validator authn

public inbox for [email protected]  
help / color / mirror / Atom feed

pgsql: doc: Clarify OAuth validator authn_id logging
3+ messages / 3 participants
[nested] [flat]

* pgsql: doc: Clarify OAuth validator authn_id logging
@ 2026-06-05 22:22 Daniel Gustafsson <[email protected]>
  2026-06-06 12:36 ` Re: pgsql: doc: Clarify OAuth validator authn_id logging Erik Rijkers <[email protected]>
  0 siblings, 1 reply; 3+ messages in thread

From: Daniel Gustafsson @ 2026-06-05 22:22 UTC (permalink / raw)
  To: [email protected]

doc: Clarify OAuth validator authn_id logging

Document that OAuth validators can return an authenticated identity
in the authn_id member.  The server records the identity value before
checking if the connection is authorized, so it may appear in
connection-authentication logs (even if the connection later fails
authorization).

Also remove outdated wording saying that all result parameters are
ignored when a validator returns false since validators may provide
error_detail.

Patch by Chao Li with some additional wordsmithing by me.

Author: Chao Li <[email protected]>
Reviewed-by: Jacob Champion <[email protected]>
Reported-by: Daniel Gustafsson <[email protected]>
Discussion: https://postgr.es/m/[email protected]

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/4cb2e2fe0aa8251bef8c2e2351cd5a062c105c0a

Modified Files
--------------
doc/src/sgml/oauth-validators.sgml | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)

^ permalink  raw  reply  [nested|flat] 3+ messages in thread

* Re: pgsql: doc: Clarify OAuth validator authn_id logging
  2026-06-05 22:22 pgsql: doc: Clarify OAuth validator authn_id logging Daniel Gustafsson <[email protected]>
@ 2026-06-06 12:36 ` Erik Rijkers <[email protected]>
  2026-06-07 23:56   ` Re: pgsql: doc: Clarify OAuth validator authn_id logging Michael Paquier <[email protected]>
  0 siblings, 1 reply; 3+ messages in thread

From: Erik Rijkers @ 2026-06-06 12:36 UTC (permalink / raw)
  To: Daniel Gustafsson <[email protected]>; [email protected]; Michael Paquier <[email protected]>

Op 6/6/26 om 00:22 schreef Daniel Gustafsson:
> doc: Clarify OAuth validator authn_id logging
> 
> Author: Chao Li <[email protected]>
> Reviewed-by: Jacob Champion <[email protected]>
> Reported-by: Daniel Gustafsson <[email protected]>
> Discussion: https://postgr.es/m/[email protected]
> 
> Branch
> ------
> master
> 
> Details
> -------
> https://git.postgresql.org/pg/commitdiff/4cb2e2fe0aa8251bef8c2e2351cd5a062c105c0a
> 
> Modified Files
> --------------
> doc/src/sgml/oauth-validators.sgml | 13 +++++++++----
> 1 file changed, 9 insertions(+), 4 deletions(-)

Hi,

In doc/src/sgml/oauth-validators.sgml, and if I understand this text 
correctly (always a big if), then:

"If the validator returns true and set result->authn_id then"

should be:
"If the validator returns true and sets result->authn_id then"
   (i.e., set -> sets)

(added Michael in CC as he seems to collect these minimal patches, to be 
committed later as a group)

Thanks,

Erik







^ permalink  raw  reply  [nested|flat] 3+ messages in thread

* Re: pgsql: doc: Clarify OAuth validator authn_id logging
  2026-06-05 22:22 pgsql: doc: Clarify OAuth validator authn_id logging Daniel Gustafsson <[email protected]>
  2026-06-06 12:36 ` Re: pgsql: doc: Clarify OAuth validator authn_id logging Erik Rijkers <[email protected]>
@ 2026-06-07 23:56   ` Michael Paquier <[email protected]>
  0 siblings, 0 replies; 3+ messages in thread

From: Michael Paquier @ 2026-06-07 23:56 UTC (permalink / raw)
  To: Erik Rijkers <[email protected]>; +Cc: Daniel Gustafsson <[email protected]>; [email protected]

On Sat, Jun 06, 2026 at 02:36:24PM +0200, Erik Rijkers wrote:
> In doc/src/sgml/oauth-validators.sgml, and if I understand this text
> correctly (always a big if), then:
> 
> "If the validator returns true and set result->authn_id then"
> 
> should be:
> "If the validator returns true and sets result->authn_id then"
>   (i.e., set -> sets)
> 
> (added Michael in CC as he seems to collect these minimal patches, to be
> committed later as a group)

In auth-oauth.c, there is a validate() path setting the authn_id, so
your suggestion sounds right.  I've grabbed that for later.  My branch
can always be overwritten by somebody else's commit preference, of
course, so if you feel that this should be fixed separately, feel free
to go ahead.
--
Michael


Attachments:

  [application/pgp-signature] signature.asc (833B, 2-signature.asc)
  download

^ permalink  raw  reply  [nested|flat] 3+ messages in thread

end of thread, other threads:[~2026-06-07 23:56 UTC | newest]

Thread overview: 3+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2026-06-05 22:22 pgsql: doc: Clarify OAuth validator authn_id logging Daniel Gustafsson <[email protected]>
2026-06-06 12:36 ` Erik Rijkers <[email protected]>
2026-06-07 23:56   ` Michael Paquier <[email protected]>

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox