Re: Improve OAuth discovery logging

On Tue, Mar 17, 2026 at 2:19 PM Zsolt Parragi <zsolt(dot)parragi(at)percona(dot)com> wrote:
> > That's not really true, because the caller hardcodes the mechanism
> > descriptor.
>
> I meant that the caller shouldn't depend on the implementation details
> of the mechanism. The abandoned comment says that '"Abandoned" is a
> SASL-specific state similar to STATUS_EOF ...', yet later it also
> depends on an implementation detail of which sasl mechanism actually
> use it.

I don't disagree, I'm just trying to point out that this coupling is
already part of CheckSASLAuth. See e.g. the handling of shadow_pass.

(I'm not very worried about this, because we're free to improve this
API at any time, and there are only two callers. Michael was very
receptive to prefactoring patches here prior to the addition of
OAUTHBEARER, and I expect we'll continue to refactor it if/when more
mechanisms show up. It's just hard to pull a general interface out of
two mechanisms as dissimilar as SCRAM and OAuth.)

> The patch is also good as-is, all these comments in the last few
> messages are just very minor details, I probably spent way too much
> time thinging about how to make this not oauth specific in the generic
> part of the code.

I appreciate the review!

I'm not in a rush to get this patch pushed, and I want to give Michael
ample time to weigh in. (Personally, I don't think anyone is likely to
argue against the behavior change here, only against how it's being
done. We have alternative implementations available if there are
strong opinions late in the cycle. So I feel pretty confident we can
land a fix for 19.)

Thanks,
--Jacob