| From: | Christoph Berg <myon(at)debian(dot)org> |
|---|---|
| To: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
| Cc: | Jelte Fennema-Nio <postgres(at)jeltef(dot)nl>, Peter Eisentraut <peter(at)eisentraut(dot)org>, Andres Freund <andres(at)anarazel(dot)de>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Daniel Gustafsson <daniel(at)yesql(dot)se>, Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, Nazir Bilal Yavuz <byavuz81(at)gmail(dot)com>, Antonin Houska <ah(at)cybertec(dot)at>, Wolfgang Walther <walther(at)technowledgy(dot)de>, Devrim GΓΌndΓΌz <devrim(at)gunduz(dot)org> |
| Subject: | Re: [PoC] Federated Authn/z with OAUTHBEARER |
| Date: | 2025-04-19 12:03:29 |
| Message-ID: | aAOREVWMFTuWvJ1l@msg.df7cb.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Re: Jacob Champion
> > libpq_append_conn_error(conn, "no custom OAuth flows are available,
> > and libpq-oauth could not be loaded library could not be loaded. Try
> > installing the libpq-oauth package from the same source that you
> > installed libpq from");
>
> Thanks! I think that's a little too prescriptive for packagers,
> personally, but I agree that the current message isn't correct
> anymore. I've gone with "no custom OAuth flows are available, and the
> builtin flow is not installed".
This whole oauth business is highly confusing if you aren't a web
security expert. It's a pretty long way from "the builtin flow is not
installed" to "if you want this to work, you need to install an extra
library/package on the client", so I don't think this message is
helpful.
The originally suggested message was pretty good in that regard. The
distinction about custom flows could probably be dropped.
How about this:
No libpq OAuth flows are available. (Try installing the libpq-oauth package.)
People who have custom flows will likely know that they have to do
anyway.
Devrim: Does that match the package name you'd use?
> (I suppose packagers could patch in a
> platform-specific message if they really wanted?)
We could, but I'd prefer if we didn't have to. :*)
Christoph
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Sami Imseih | 2025-04-19 13:31:20 | Re: [BUG] temporary file usage report with extended protocol and unnamed portals |
| Previous Message | Andrew Dunstan | 2025-04-19 11:47:26 | Re: disabled SSL log_like tests |