Re: Making changes to PgAdmin for the OAuth flow PoC with Postgres

On Fri, 18 Nov 2022 at 10:39, Khushboo Vashi
<khushboo(dot)vashi(at)enterprisedb(dot)com> wrote:
>
> Hi,
>
> On Fri, Nov 18, 2022 at 9:47 AM mahendrakar s <mahendrakarforpg(at)gmail(dot)com> wrote:
>>
>> Hi PgAdmin Hackers,
>>
>> I am working on oauth poc with Postgres, here the flow is:
>> Authentication Code with pkce
>>
> As per my knowledge, Postgres doesn't support Oauth2 authentication to connect a database server directly, of course the other way is you can configure PEM authentication and then use it.
>
I'm working with pg community for oauth support on postgres and this
is the PoC which I'm working on as mentioned earlier.

>> In this flow, I need to configure or make changes to PgAdmin to
>>
>> 1. Pass additional parameters in the connection string like below for psql:
>> ./psql -U mahendrakars(at)microsoft(dot)com -d 'dbname=postgres
>> oauth_client_id=xxxx oauth_client_secret=xxx
>> oauth_flow_type=auth_code'
>
> Did this work?
Yes, with my PoC changes in postgres, it works.
>>
>> I am not sure how to pass these params in PgAdmin or configure it
>> to pass them.
>>
>> 2. PgAdmin needs to listen on redirection url so that the user can
>> sign in and obtain the auth_code.
>> 3 . PgAdmin needs to send the auth_code to libpq during the oauth flow.
>> 4. Libpq sends the refresh_token to PgAdmin ( and used in future to
>> get the access_token in which case PgAdmin sends it to libpq).
>>
>> Can you suggest what would be the best way to do this?
>>
> We have configured the Oauth2 authentication in pgAdmin only for login to the pgAdmin app, not for the database.
> You can check the Oauth module but my suggestion is that, first you try with a simple python script for your POC, after that you can try with pgAdmin.
>
Okay.
>> Thanks,
>> Mahendrakar.
>>
>>