Re: Making changes to PgAdmin for the OAuth flow PoC with Postgres

From: Khushboo Vashi <khushboo(dot)vashi(at)enterprisedb(dot)com>
To: mahendrakar s <mahendrakarforpg(at)gmail(dot)com>
Cc: pgadmin-hackers(at)postgresql(dot)org
Subject: Re: Making changes to PgAdmin for the OAuth flow PoC with Postgres
Date: 2022-11-18 05:48:00
Message-ID: CAFOhELfZQ3FUiLQY1wBYeDzKh8ApYWFQx0GFHAFMFxqDuhGJSA@mail.gmail.com
Views: Whole Thread | Raw Message | Download mbox | Resend email
Thread:
Lists: pgadmin-hackers

On Fri, Nov 18, 2022 at 11:06 AM mahendrakar s <mahendrakarforpg(at)gmail(dot)com>
wrote:

> On Fri, 18 Nov 2022 at 10:39, Khushboo Vashi
> <khushboo(dot)vashi(at)enterprisedb(dot)com> wrote:
> >
> > Hi,
> >
> > On Fri, Nov 18, 2022 at 9:47 AM mahendrakar s <
> mahendrakarforpg(at)gmail(dot)com> wrote:
> >>
> >> Hi PgAdmin Hackers,
> >>
> >> I am working on oauth poc with Postgres, here the flow is:
> >> Authentication Code with pkce
> >>
> > As per my knowledge, Postgres doesn't support Oauth2 authentication to
> connect a database server directly, of course the other way is you can
> configure PEM authentication and then use it.
> >
> I'm working with pg community for oauth support on postgres and this
> is the PoC which I'm working on as mentioned earlier.
>
> >> In this flow, I need to configure or make changes to PgAdmin to
> >>
> >> 1. Pass additional parameters in the connection string like below for
> psql:
> >> ./psql -U mahendrakars(at)microsoft(dot)com -d 'dbname=postgres
> >> oauth_client_id=xxxx oauth_client_secret=xxx
> >> oauth_flow_type=auth_code'
> >
> > Did this work?
> Yes, with my PoC changes in postgres, it works.
>
Great.
It will take time to make changes for Oauth2 DB connection in pgAdmin, If
you are willing to do it then let me know I will guide you.

> >>
> >> I am not sure how to pass these params in PgAdmin or configure it
> >> to pass them.
> >>
> >> 2. PgAdmin needs to listen on redirection url so that the user can
> >> sign in and obtain the auth_code.
> >> 3 . PgAdmin needs to send the auth_code to libpq during the oauth flow.
> >> 4. Libpq sends the refresh_token to PgAdmin ( and used in future to
> >> get the access_token in which case PgAdmin sends it to libpq).
> >>
> >> Can you suggest what would be the best way to do this?
> >>
> > We have configured the Oauth2 authentication in pgAdmin only for login
> to the pgAdmin app, not for the database.
> > You can check the Oauth module but my suggestion is that, first you try
> with a simple python script for your POC, after that you can try with
> pgAdmin.
> >
> Okay.
> >> Thanks,
> >> Mahendrakar.
> >>
> >>
>

In response to

Browse pgadmin-hackers by date

  From Date Subject
Next Message Fahar Abbas 2022-11-18 11:38:55 Re: pgAdmin4 v6.16 candidate builds
Previous Message mahendrakar s 2022-11-18 05:36:35 Re: Making changes to PgAdmin for the OAuth flow PoC with Postgres