PostgreSQL: Documentation: devel: Chapter 50. OAuth Validator Modules

Documentation → PostgreSQL devel (2025-04-26 15:42:29 - git commit 10e8176950b)

Development Versions: devel

This documentation is for an unsupported version of PostgreSQL.
You may want to view the same page for the current version, or one of the other supported versions listed above instead.

Chapter 50. OAuth Validator Modules
Prev	Up	Part V. Server Programming	Home	Next

Chapter 50. OAuth Validator Modules

Table of Contents

50.1. Safely Designing a Validator Module

50.1.1. Validator Responsibilities
50.1.2. General Coding Guidelines
50.1.3. Authorizing Users (Usermap Delegation)

50.2. Initialization Functions

50.3. OAuth Validator Callbacks

50.3.1. Startup Callback
50.3.2. Validate Callback
50.3.3. Shutdown Callback

PostgreSQL provides infrastructure for creating custom modules to perform server-side validation of OAuth bearer tokens. Because OAuth implementations vary so wildly, and bearer token validation is heavily dependent on the issuing party, the server cannot check the token itself; validator modules provide the integration layer between the server and the OAuth provider in use.

OAuth validator modules must at least consist of an initialization function (see Section 50.2) and the required callback for performing validation (see Section 50.3.2).

Warning

Since a misbehaving validator might let unauthorized users into the database, correct implementation is crucial for server safety. See Section 50.1 for design considerations.

Prev	Up	Next
49.2. Archive Module Callbacks	Home	50.1. Safely Designing a Validator Module