Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1u2Qa9-000QEs-Oy for pgsql-hackers@arkaria.postgresql.org; Wed, 09 Apr 2025 08:14:49 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1u2Qa7-001LAt-D5 for pgsql-hackers@arkaria.postgresql.org; Wed, 09 Apr 2025 08:14:47 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1u2Qa7-001LAh-2j for pgsql-hackers@lists.postgresql.org; Wed, 09 Apr 2025 08:14:47 +0000 Received: from mout-p-101.mailbox.org ([2001:67c:2050:0:465::101]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1u2Qa5-003ptk-0d for pgsql-hackers@postgresql.org; Wed, 09 Apr 2025 08:14:46 +0000 Received: from smtp202.mailbox.org (smtp202.mailbox.org [IPv6:2001:67c:2050:b231:465::202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-101.mailbox.org (Postfix) with ESMTPS id 4ZXbMb2S3xz9shs; Wed, 9 Apr 2025 10:14:35 +0200 (CEST) Date: Wed, 9 Apr 2025 10:14:32 +0200 From: Christoph Berg To: Jacob Champion Cc: Peter Eisentraut , Andres Freund , Tom Lane , Bruce Momjian , PostgreSQL Hackers , Daniel Gustafsson , Thomas Munro , Nazir Bilal Yavuz , Antonin Houska , Wolfgang Walther Subject: Re: [PoC] Federated Authn/z with OAUTHBEARER Message-ID: Mail-Followup-To: Christoph Berg , Jacob Champion , Peter Eisentraut , Andres Freund , Tom Lane , Bruce Momjian , PostgreSQL Hackers , Daniel Gustafsson , Thomas Munro , Nazir Bilal Yavuz , Antonin Houska , Wolfgang Walther References: <1120967.1742504934@sss.pgh.pa.us> <5bec3d4f-613f-425b-88c4-59e71c70f7d6@eisentraut.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Rspamd-Queue-Id: 4ZXbMb2S3xz9shs List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Re: Jacob Champion > Is it acceptable/desirable for a build, which has not been configured > --with-libcurl, to still pick up a compatible OAuth implementation > installed by the distro? If so, we can go with a "bare" dlopen(). If > that's not okay, I think we will probably need to use pkglibdir or > some derivative, and introduce a way for tests (and users?) to > override that directory selection. Unless someone has a good idea on > how we can split the difference. One design goal could be reproducible builds-alike, that is, have libpq configured with or without libcurl be completely identical, and the feature being present is simply the libpq-oauth.so file existing or not. That might make using plain dlopen() more attractive. Christoph