Hi!
>
> I'm not sure if we have prior art for expressing bitflags in Postgres
> envvars, other than maybe PGREQUIREAUTH. A comma-separated list would
> be easy to do. We could name these things according to whether
> they're
> unsafe or not, like
>
> PGOAUTHDEBUG=UNSAFE-http,UNSAFE-trace,p
Hi!
Sorry for the delayed answer!
>
> Okay, that's good to know. But I'm still missing how the end user (a
> human) trusts that magic CA within the browser or device they use to
> finish the actual flow?
More than the end user "trusting" a "magic" CA, it's about what company
will tell you to us
fe".
Ho! where can I see this list? I'd love to help with something here!
I'm more than open to keep discussing this, because I can see that many
people will be affected by the same, specially in the Kubernetes world.
Thank your for looking at this!
--
Jonathan Gonzalez V.
g/postgres-keycloak-oauth-validator
--
Jonathan Gonzalez V.
From b32a1ad93f933fa319ff29e15299659d67de4d22 Mon Sep 17 00:00:00 2001
From: "Jonathan Gonzalez V."
Date: Wed, 29 Oct 2025 16:54:42 +0100
Subject: [PATCH v1 1/1] libpq-oauth: allow changing the CA when not in debug
mode
Allowing
