| From: | Nico Williams <nico(at)cryptonector(dot)com> |
|---|---|
| To: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
| Cc: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Subject: | Re: [oauth] SASL mechanisms |
| Date: | 2025-11-22 21:29:02 |
| Message-ID: | aSIrHnltYZcRLh4g@ubby |
| Lists: | pgsql-hackers |

Also, we do have custom claims (we should publish a spec and register
them at IANA...) for very coarse-grained authorization that amounts to
application-level firewall logic that lets us isolate workloads by
type (think prod vs QA vs dev, but also other things).

No OAuth library on the server side can get that right today (we'd have
to contribute to them, which, ok, it's doable, but it takes time). This
is one reason that I want to get each claim as a config item I can
access in SQL code.

Nico
--