| From: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
|---|---|
| To: | Álvaro Herrera <alvherre(at)kurilemu(dot)de> |
| Cc: | Pg Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: unclear OAuth error message |
| Date: | 2026-01-26 22:17:08 |
| Message-ID: | CAOYmi+kLmjJmtmkKs1mWcmNFsgQWsY8ajRhctsrmeVy-y6OKFw@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sat, Jan 24, 2026 at 6:50 AM Álvaro Herrera <alvherre(at)kurilemu(dot)de> wrote:
> But the code suggests that the module worked fine and made the
> determination not to authorize the user. If that's so, then why do we
> have the errdetail at all? Can't we just get rid of it and let the
> errmsg stand on its own merit?
For that code path I suspect we could get rid of the entire message,
because of what you mentioned later: auth_failed() is already going to
give us that. The validator can log what's important if needed, or
not. We could add some DEBUGs, maybe, so that you can still figure out
what's going on if a validator fails silently?
> Here it seems the validator did indeed have an internal problem of some
> sort, because while it did declare that the user was authorized, it did
> not provide what we were expecting from it. Should in this case the
> errmsg() be different?
Yeah, I think so. The errdetail should probably become the errmsg,
essentially (but with more context).
Thanks,
--Jacob
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Chao Li | 2026-01-26 22:41:56 | Re: docs: clarify ALTER TABLE behavior on partitioned tables |
| Previous Message | Mihail Nikalayeu | 2026-01-26 21:33:00 | Re: Issues with ON CONFLICT UPDATE and REINDEX CONCURRENTLY |