| From: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
|---|---|
| To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Shlok Kyal <shlok(dot)kyal(dot)oss(at)gmail(dot)com>, mahendrakar s <mahendrakarforpg(at)gmail(dot)com>, Andrey Chudnovsky <achudnovskij(at)gmail(dot)com>, Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, "hlinnaka(at)iki(dot)fi" <hlinnaka(at)iki(dot)fi>, "michael(at)paquier(dot)xyz" <michael(at)paquier(dot)xyz>, "smilingsamay(at)gmail(dot)com" <smilingsamay(at)gmail(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Andrew Dunstan <andrew(at)dunslane(dot)net> |
| Subject: | Re: [PoC] Federated Authn/z with OAUTHBEARER |
| Date: | 2024-03-01 17:46:27 |
| Message-ID: | CAOYmi+mSSY4SvOtVN7zLyUCQ4-RDkxkzmTuPEN+t-PsB7GHnZA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Feb 29, 2024 at 5:08 PM Jacob Champion
<jacob(dot)champion(at)enterprisedb(dot)com> wrote:
> We are now very, very close to green.
v19 gets us a bit closer by adding a missed import for Windows. I've
also removed iddawc support, so the client patch is lighter.
> The new oauth_validator tests can't work on Windows, since the client
> doesn't support OAuth there. The python/server tests can handle this
> case, since they emulate the client behavior; do we want to try
> something similar in Perl?
In addition to this question, I'm starting to notice intermittent
failures of the form
error: ... failed to fetch OpenID discovery document: failed to
queue HTTP request
This corresponds to a TODO in the libcurl implementation -- if the
initial call to curl_multi_socket_action() reports that no handles are
running, I treated that as an error. But it looks like it's possible
for libcurl to finish a request synchronously if the remote responds
quickly enough, so that needs to change.
--Jacob
| Attachment | Content-Type | Size |
|---|---|---|
| since-v18.diff.txt | text/plain | 26.5 KB |
| v19-0002-Refactor-SASL-exchange-to-return-tri-state-statu.patch | application/octet-stream | 9.9 KB |
| v19-0004-libpq-add-OAUTHBEARER-SASL-mechanism.patch | application/octet-stream | 106.3 KB |
| v19-0001-common-jsonapi-support-FRONTEND-clients.patch | application/octet-stream | 20.4 KB |
| v19-0003-Explicitly-require-password-for-SCRAM-exchange.patch | application/octet-stream | 3.2 KB |
| v19-0005-backend-add-OAUTHBEARER-SASL-mechanism.patch | application/octet-stream | 39.9 KB |
| v19-0007-Add-pytest-suite-for-OAuth.patch | application/octet-stream | 171.8 KB |
| v19-0008-XXX-temporary-patches-to-build-and-test.patch | application/octet-stream | 3.8 KB |
| v19-0006-Introduce-OAuth-validator-libraries.patch | application/octet-stream | 32.0 KB |
| v19-0009-WIP-Python-OAuth-provider-implementation.patch | application/octet-stream | 9.7 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Geoghegan | 2024-03-01 17:47:32 | Re: index prefetching |
| Previous Message | Stephen Frost | 2024-03-01 17:16:51 | Re: Statistics Import and Export |