Also, we do have custom claims (we should publish a spec and register
them at IANA...) for very coarse-grained authorization that amounts to
an application-level firewall logic that lets us isolate workloads by
type (think prod vs QA vs dev, but also other things).
No OAuth library on the server s

On Fri, Nov 21, 2025 at 03:46:12PM -0800, Jacob Champion wrote:
> On Fri, Nov 21, 2025 at 3:15 PM Nico Williams wrote:
> > For apps like PG I'm much more interested in real OAuth support. But
> > that's because I use PG in a corporate environment where we use
> > Kerberos, PKIX, and OAuth for aut

(shamelessly splitting this into its own thread, but also to avoid
further derailment of Neustradamus' tls-exporter conversation)

On Fri, Nov 21, 2025 at 3:15 PM Nico Williams wrote:
> For apps like PG I'm much more interested in real OAuth support. But
> that's because I use PG in a corporate e