Re: [PoC] Federated Authn/z with OAUTHBEARER

On 10.04.25 01:08, Jacob Champion wrote:
> Christoph noted that this was also confusing from the packaging side,
> earlier, and Daniel proposed -Doauth-client/--with-oauth-client as the
> feature switch name instead. Any objections? Unfortunately it would
> mean a buildfarm email is in order, so we should get it locked in.

We had that discussion early in the development, and I still think it's 
not the right choice.

The general idea, at least on the Autoconf side, is that --with-FOO 
means enable all the features that require library FOO.  For example, 
--with-ldap enables all the LDAP-related features, including 
authentication support in libpq, authentication support in the server, 
and service lookup in libpq.  --with-[open]ssl enables all the features 
that use OpenSSL, including SSL support in the client and server but 
also encryption support in pgcrypto.

The naming system you propose has problems:

First, what if we add another kind of "oauth-client" that doesn't use 
libcurl, how would you extend the set of options?

Second, what if we add some kind of oauth plugin for the server that 
uses libcurl, how would you extend the set of options?

If you used that system for options in the ldap or openssl cases, you'd 
end up with maybe six options (and packagers would forget to turn on 
half of them).  But worse, what you are hiding is the information what 
dependencies you are pulling in, which is the actual reason for the 
options.  (If there was no external dependency, there would be no option 
at all.)

This seems unnecessarily complicated and inconsistent.  Once you have 
made the choice of taking the libcurl dependency, why not build 
everything that requires it?

(Nitpick: If you go with this kind of option, it should be --enable-XXX 
on the Autoconf side.)