| From: | Zsolt Parragi <zsolt(dot)parragi(at)percona(dot)com> |
|---|---|
| To: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | OAuth client code doesn't work with Google OAuth |
| Date: | 2025-09-07 19:02:56 |
| Message-ID: | CAN4CZFN8ZqwcYWE8+Ur=OVTkS9_y44LH+AJCVc_c69UxrRD-ZA@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hello Hackers,
While working on an OAuth validator for PG18 I noticed that currently
the client code doesn't work when using Google as the OAuth provider.
It requires two small changes:
* The device code request only includes the OAuth Client ID in the
request body if the user doesn't specify a client secret (if the
secret is specified, the client ID is only sent as part of the basic
auth header), but Google OAuth always expects it in the body
* The wait loop for the authorization only expects HTTP 400 and 401,
but the Google endpoint responds with HTTP 428 (Precondition required)
Both issues are testable/verifiable without a properly working
validator, as they happen on the client side, before invoking the
validator logic.
I attached a small patch which fixes both.
| Attachment | Content-Type | Size |
|---|---|---|
| google_oidc.patch | application/octet-stream | 1.4 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2025-09-07 21:36:32 | Re: Conflict detection for update_deleted in logical replication |
| Previous Message | Sergey Fukanchik | 2025-09-07 14:00:56 | Re: [PATCH] Perform check for oversized WAL record before calculating record CRC |