| From: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
|---|---|
| To: | VASUKI M <vasukianand0119(at)gmail(dot)com> |
| Cc: | Zsolt Parragi <zsolt(dot)parragi(at)percona(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, david(dot)g(dot)johnston(at)gmail(dot)com, Robert Haas <robertmhaas(at)gmail(dot)com>, myon(at)debian(dot)org |
| Subject: | Re: Custom oauth validator options |
| Date: | 2025-12-17 18:27:44 |
| Message-ID: | CAOYmi+nY9F5J9+m1TEm-LCPVitmfO-9nGp9HW+T_=tmiYH4vAA@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Dec 16, 2025 at 10:30 PM VASUKI M <vasukianand0119(at)gmail(dot)com> wrote:
> Overall, +1 that this limitation is real and worth discussing.I’ll plan to send a patch shortly exploring option (b).
Thanks!
> Reg very long HBA lines: totally agree this is a real readability issue,but allowing per-line includes or external file feels like a seperate(and much bigger)topic,probably best tackled independently.
I forgot to mention in my reply to Zsolt, but we've supported inline
inclusions in HBA for a few releases now. (I just frequently forget
they exist.)
pg_hba.conf:
hostssl all all 0.0.0.0/0 oauth @oauth-settings.conf
oauth-settings.conf:
issuer=https://oauth.example.org/v2
scope="openid email let-me-into-pg"
validator=example_org
map=examplemap
And for smaller annoyances, you can wrap lines with backslash continuation.
I haven't used these new features much, since I forget they exist, so
if there are usability problems in practice please say something so we
can fix it.
--Jacob
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Burd | 2025-12-17 18:34:13 | Re: [PATCH] Fix ARM64/MSVC atomic memory ordering issues on Win11 by adding explicit DMB ?barriers |
| Previous Message | Kirill Reshke | 2025-12-17 18:27:05 | Re: eliminate xl_heap_visible to reduce WAL (and eventually set VM on-access) |