On Fri, Nov 18, 2022 at 11:06 AM mahendrakar s <mahendrakarfo...@gmail.com> wrote:
> On Fri, 18 Nov 2022 at 10:39, Khushboo Vashi > <khushboo.va...@enterprisedb.com> wrote: > > > > Hi, > > > > On Fri, Nov 18, 2022 at 9:47 AM mahendrakar s < > mahendrakarfo...@gmail.com> wrote: > >> > >> Hi PgAdmin Hackers, > >> > >> I am working on oauth poc with Postgres, here the flow is: > >> Authentication Code with pkce > >> > > As per my knowledge, Postgres doesn't support Oauth2 authentication to > connect a database server directly, of course the other way is you can > configure PEM authentication and then use it. > > > I'm working with pg community for oauth support on postgres and this > is the PoC which I'm working on as mentioned earlier. > > >> In this flow, I need to configure or make changes to PgAdmin to > >> > >> 1. Pass additional parameters in the connection string like below for > psql: > >> ./psql -U mahendrak...@microsoft.com -d 'dbname=postgres > >> oauth_client_id=xxxx oauth_client_secret=xxx > >> oauth_flow_type=auth_code' > > > > Did this work? > Yes, with my PoC changes in postgres, it works. > Great. It will take time to make changes for Oauth2 DB connection in pgAdmin, If you are willing to do it then let me know I will guide you. > >> > >> I am not sure how to pass these params in PgAdmin or configure it > >> to pass them. > >> > >> 2. PgAdmin needs to listen on redirection url so that the user can > >> sign in and obtain the auth_code. > >> 3 . PgAdmin needs to send the auth_code to libpq during the oauth flow. > >> 4. Libpq sends the refresh_token to PgAdmin ( and used in future to > >> get the access_token in which case PgAdmin sends it to libpq). > >> > >> Can you suggest what would be the best way to do this? > >> > > We have configured the Oauth2 authentication in pgAdmin only for login > to the pgAdmin app, not for the database. > > You can check the Oauth module but my suggestion is that, first you try > with a simple python script for your POC, after that you can try with > pgAdmin. > > > Okay. > >> Thanks, > >> Mahendrakar. > >> > >> >
