The SCRAM protocol documentation
(https://www.postgresql.org/docs/devel/static/sasl-authentication.html)
states
"To avoid confusion, the client should use pg_same_as_startup_message as
the username in the client-first-message."
However, the client implementation in libpq doesn't actually do that, it
sends an empty string for the user name. I find no other reference to
"pg_same_as_startup_message" in the sources. Should the documentation
be updated?
Relatedly, the SCRAM specification doesn't appear to allow omitting the
user name in this manner. Why don't we just send the actual user name,
even though it's redundant with the startup message?
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services