Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1u66vf-00BLMM-I4 for pgsql-hackers@arkaria.postgresql.org; Sat, 19 Apr 2025 12:04:15 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1u66vc-00D5Jk-1m for pgsql-hackers@arkaria.postgresql.org; Sat, 19 Apr 2025 12:04:12 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1u66vb-00D5Jb-Nr for pgsql-hackers@lists.postgresql.org; Sat, 19 Apr 2025 12:04:12 +0000 Received: from mout-p-102.mailbox.org ([80.241.56.152]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1u66vY-000u5t-0l for pgsql-hackers@postgresql.org; Sat, 19 Apr 2025 12:04:11 +0000 Received: from smtp1.mailbox.org (smtp1.mailbox.org [IPv6:2001:67c:2050:b231:465::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-102.mailbox.org (Postfix) with ESMTPS id 4Zfqzn1nLPz9sxP; Sat, 19 Apr 2025 14:04:05 +0200 (CEST) Date: Sat, 19 Apr 2025 14:03:29 +0200 From: Christoph Berg To: Jacob Champion Cc: Jelte Fennema-Nio , Peter Eisentraut , Andres Freund , Tom Lane , Bruce Momjian , PostgreSQL Hackers , Daniel Gustafsson , Thomas Munro , Nazir Bilal Yavuz , Antonin Houska , Wolfgang Walther , Devrim =?iso-8859-1?B?R/xuZPx6?= Subject: Re: [PoC] Federated Authn/z with OAUTHBEARER Message-ID: Mail-Followup-To: Christoph Berg , Jacob Champion , Jelte Fennema-Nio , Peter Eisentraut , Andres Freund , Tom Lane , Bruce Momjian , PostgreSQL Hackers , Daniel Gustafsson , Thomas Munro , Nazir Bilal Yavuz , Antonin Houska , Wolfgang Walther , Devrim =?iso-8859-1?B?R/xuZPx6?= References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Rspamd-Queue-Id: 4Zfqzn1nLPz9sxP List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Re: Jacob Champion > > libpq_append_conn_error(conn, "no custom OAuth flows are available, > > and libpq-oauth could not be loaded library could not be loaded. Try > > installing the libpq-oauth package from the same source that you > > installed libpq from"); > > Thanks! I think that's a little too prescriptive for packagers, > personally, but I agree that the current message isn't correct > anymore. I've gone with "no custom OAuth flows are available, and the > builtin flow is not installed". This whole oauth business is highly confusing if you aren't a web security expert. It's a pretty long way from "the builtin flow is not installed" to "if you want this to work, you need to install an extra library/package on the client", so I don't think this message is helpful. The originally suggested message was pretty good in that regard. The distinction about custom flows could probably be dropped. How about this: No libpq OAuth flows are available. (Try installing the libpq-oauth package.) People who have custom flows will likely know that they have to do anyway. Devrim: Does that match the package name you'd use? > (I suppose packagers could patch in a > platform-specific message if they really wanted?) We could, but I'd prefer if we didn't have to. :*) Christoph