| From: | VASUKI M <vasukianand0119(at)gmail(dot)com> |
|---|---|
| To: | Zsolt Parragi <zsolt(dot)parragi(at)percona(dot)com> |
| Cc: | Ajit Awekar <ajitpostgres(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: [OAuth2] Infrastructure for tracking token expiry time |
| Date: | 2026-02-17 10:47:50 |
| Message-ID: | CAE2r8H6Tc6F2BM-JqC+gp-HQKCzfHOx02Xj5MmuS-AY4jfN5iw@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi All,
I see the concern about keeping the validator API generic and not
implicitly favoring JWT-style providers.
The callback-based approach does seem more flexible, especially for opaque
tokens or providers supporting revocation, where validity cannot be
represented as a fixed timestamp.
Perhaps one possible direction could be to support both:
An optional expiry timestamp for simple/static cases.
An optional callback (e.g., expired_cb) for dynamic validation.
This would allow JWT-based validators to remain lightweight while enabling
more complex providers to implement custom revalidation logic.
If enforcement is planned at statement start, integrating the callback
mechanism in the same patch might also clarify the intended semantics.
Best regards,
Vasuki M
C-DAC,Chennai
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ashutosh Sharma | 2026-02-17 11:12:49 | Re: [PATCH] Support automatic sequence replication |
| Previous Message | Soumya S Murali | 2026-02-17 10:47:48 | Re: [PATCH] Expose checkpoint reason to completion log messages. |