From 8fa995ba2eb5a9b95687a7506b330176f1518122 Mon Sep 17 00:00:00 2001
From: Zsolt Parragi
Date: Tue, 7 Apr 2026 17:48:12 +0000
Subject: [PATCH] libpq-oauth: Warn when PGOAUTHDEBUG trace may expose secrets
PGOAUTHDEBUG=UNSAFE enables libcurl's verbose output, which prints raw HTTP traffic including bearer tokens and client secrets. Bracket it with warnings at the start and end of the OAuth flow so users know not to share it.
---
 src/interfaces/libpq-oauth/oauth-curl.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/src/interfaces/libpq-oauth/oauth-curl.c b/src/interfaces/libpq-oauth/oauth-curl.c
index 64b5306372a..905c26a014a 100644
--- a/src/interfaces/libpq-oauth/oauth-curl.c
+++ b/src/interfaces/libpq-oauth/oauth-curl.c
@@ -2796,6 +2796,10 @@ pg_fe_run_oauth_flow_impl(PGconn *conn)
 /* Should we enable unsafe features? */
 actx->debugging = oauth_unsafe_debugging_enabled();
+ if (actx->debugging)
+ fprintf(stderr,
+ libpq_gettext("WARNING: PGOAUTHDEBUG trace is enabled. HTTP traffic (including secrets) will be logged.\n"));
+
 state->async_ctx = actx;
 initPQExpBuffer(&actx->work_data);
@@ -3082,6 +3086,11 @@ pg_fe_run_oauth_flow(PGconn *conn)
 actx->dbg_num_calls);
 }
+ if (actx && actx->debugging
+ && (result == PGRES_POLLING_OK || result == PGRES_POLLING_FAILED))
+ fprintf(stderr,
+ libpq_gettext("WARNING: PGOAUTHDEBUG trace output above may contain secrets. Do not share with third parties.\n"));
+
 #ifndef WIN32
 if (masked)
 {
-- 
2.43.0
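Review bot: The translated message is passed as the format argument of `fprintf` in the added lines of this hunk and again in the second hunk (pg_fe_run_oauth_flow), so a translation catalog containing a stray `%` would be interpreted as a conversion specifier. Writing the string as data instead of as a format avoids that: `fputs(libpq_gettext("WARNING: PGOAUTHDEBUG trace is enabled. HTTP traffic (including secrets) will be logged.\n"), stderr);`, and the same shape for the trailing warning. It would also help readers to say in a short comment above the `if` why stderr is used directly here rather than the connection's notice path, if that is deliberate; I cannot see from the hunk whether conn's notice hooks are reachable in this module. pg_fe_run_oauth_flow_impl continues outside the hunk on both sides.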
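Review bot: The trailing warning in pg_fe_run_oauth_flow fires only when this poll returns PGRES_POLLING_OK or PGRES_POLLING_FAILED, so a flow the application abandons mid-way (connection closed while still polling) ends with trace output on stderr but no closing warning. If the context teardown for actx is a single place, emitting the closing warning from there when `actx->debugging` is set would cover that path too; I cannot see the cleanup routine from this hunk, so this is a suggestion to check rather than a confirmed gap. A one-line comment such as `/* Remind the user that the trace above is sensitive once the flow has ended. */` above the `if` would also make the intent of the result check clear. pg_fe_run_oauth_flow begins and ends outside the hunk.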