| From: | Jacob Champion <champion(dot)p(at)gmail(dot)com> |
|---|---|
| To: | Andrey Chudnovsky <achudnovskij(at)gmail(dot)com> |
| Cc: | Shlok Kyal <shlok(dot)kyal(dot)oss(at)gmail(dot)com>, mahendrakar s <mahendrakarforpg(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, "hlinnaka(at)iki(dot)fi" <hlinnaka(at)iki(dot)fi>, "michael(at)paquier(dot)xyz" <michael(at)paquier(dot)xyz>, "smilingsamay(at)gmail(dot)com" <smilingsamay(at)gmail(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net> |
| Subject: | Re: [PoC] Federated Authn/z with OAUTHBEARER |
| Date: | 2023-11-15 20:20:56 |
| Message-ID: | CAGu=u8hek_wh_gyvG_0jR8dPtYdgc=htOWVEDgJn_7-qrYZ1AQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Nov 9, 2023 at 5:43 PM Andrey Chudnovsky <achudnovskij(at)gmail(dot)com> wrote:
> Do you plan to support adding an extension hook to validate the token?
>
> It would allow a more efficient integration, then spinning a separate process.
I think an API in the style of archive modules might probably be a
good way to go, yeah.
It's probably not very high on the list of priorities, though, since
the inputs and outputs are going to "look" the same whether you're
inside or outside of the server process. The client side is going to
need the bulk of the work/testing/validation. Speaking of which -- how
is the current PQauthDataHook design doing when paired with MS AAD
(er, Entra now I guess)? I haven't had an Azure test bed available for
a while.
Thanks,
--Jacob
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2023-11-15 20:21:33 | Re: Some performance degradation in REL_16 vs REL_15 |
| Previous Message | Jacob Champion | 2023-11-15 19:59:25 | Re: pg_dump needs SELECT privileges on irrelevant extension table |