Re: OAuth client code doesn't work with Google OAuth
| От | Daniel Gustafsson |
|---|---|
| Тема | Re: OAuth client code doesn't work with Google OAuth |
| Дата | |
| Msg-id | 18701D38-301D-4AFD-B5C3-E69C99D06E44@yesql.se обсуждение исходный текст |
| Ответ на | Re: OAuth client code doesn't work with Google OAuth (Zsolt Parragi <zsolt.parragi@percona.com>) |
| Ответы |
Re: OAuth client code doesn't work with Google OAuth
|
| Список | pgsql-hackers |
> On 8 Sep 2025, at 11:46, Zsolt Parragi <zsolt.parragi@percona.com> wrote: > >> AFAICT adding this would not violate the RFC but it is "NOT RECOMMENDED". > > I didn't test Okta yet, but it worked with all other providers I tried > so far. I try to verify this with Okta and modify it if it doesn't > work Great, thanks! > , but I think this isn't clear in the RFCs: > ... Unfortunately thats true for most of the OAuth related RFCs, they are in places wishy washy at best. >> It doesn't seem in line with the specification, which error are they sending >> 428 for? Do they use 401 for invalid_client? > > During the wait for the user to enter the device code. It's documented here: > > https://developers.google.com/identity/protocols/oauth2/limited-input-device#authorization-pending Thanks for the reference, I'm not sure we should handle it equally to 400/401 (need to think about that, and am looking foward to Jacob's wisdom on it) but it should regardless be quite doable to support. -- Daniel Gustafsson
В списке pgsql-hackers по дате отправления: