Re: [PoC] Federated Authn/z with OAUTHBEARER

On Wed, Jan 8, 2025 at 3:21 AM Jacob Champion <
jacob(dot)champion(at)enterprisedb(dot)com> wrote:

> On Fri, Dec 20, 2024 at 2:21 PM Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
> >
> > > On 20 Dec 2024, at 02:00, Jacob Champion <
> jacob(dot)champion(at)enterprisedb(dot)com> wrote:
> >
> > Thanks for the new version, I was doing a v39 review but I'll roll that
> over
> > into a v40 review now.
>
> (Sorry for the rug pull!)
>
> > As I was reading I was trying to identify parts can be broken out and
> committed
> > ahead of time. This not only to trim down size, but mostly to shape the
> final
> > commit into a coherent single commit that brings a single functionality
> > utilizing existing APIs. Basically I think we should keep generic
> > functionality out of the final commit and keep that focused on OAuth and
> the
> > required APIs and infra.
>
> Sounds good.
>
> > The async auth support seemed like a candidate to go in before the
> rest. While
> > there won't be any consumers of it, it's also not limited to OAuth.
> What do
> > you think about slicing that off and get in ahead of time? I took a
> small stab
> > at separating out the generic bits (it includes the
> PG_MAX_AUTH_TOKEN_LENGTH
> > move as well which is unrelated, but could also be committed ahead of
> time)
> > along with some small tweaks on it.
>
> +1 to separating the PG_MAX_... macro move. I will take a closer look
> at the async patch in isolation; there's some work I'm doing to fix a
> bug Kashif (cc'd) found recently, and it has me a bit unsure about my
> chosen order of operations in the async part of fe-connect.c. That
> deserves its own email, but I need to investigate more.
>
Thanks Jacob
Most of the testing with psql is done and working on the remaining test
cases.

>
> Thanks!
> --Jacob
>
>
>