Until now Postgres does not provide a way to pass a eg. user JSON Web Token as an argument via libpq. If you enable OAuth as a Authentication Mechanism PG always want's to get it's own Token through the provided Module for Duckdb however it would be more feasible to be able to connect with a token in hand, as an alternative to user/password. But PG18 provides the PQsetAuthDataHook() API.
When libpq needs a bearer token during OAUTHBEARER authentication it will call the hook and get's the token from the process memory.
Probably two Sources for the token:
- Environment variable PGOAUTHTOKEN
- A DuckDB setting Variable (More Secure)
Maybe it possible to register the hook once during extension initialization, before any PQconnectdb call?
void postgres_extension_oauth_init(void) { prev_hook = PQgetAuthDataHook(); PQsetAuthDataHook(oauth_token_hook); }
Related Discussions pgsql-hackers
Maybe the following can be a starting point of a development.
pg_AuthDataHook.c
Until now Postgres does not provide a way to pass a eg. user JSON Web Token as an argument via libpq. If you enable OAuth as a Authentication Mechanism PG always want's to get it's own Token through the provided Module for Duckdb however it would be more feasible to be able to connect with a token in hand, as an alternative to user/password. But PG18 provides the PQsetAuthDataHook() API.
When libpq needs a bearer token during OAUTHBEARER authentication it will call the hook and get's the token from the process memory.
Probably two Sources for the token:
Maybe it possible to register the hook once during extension initialization, before any PQconnectdb call?
void postgres_extension_oauth_init(void) { prev_hook = PQgetAuthDataHook(); PQsetAuthDataHook(oauth_token_hook); }Related Discussions pgsql-hackers
Maybe the following can be a starting point of a development.
pg_AuthDataHook.c