PostgreSQL 18 includes support for OAuth and i want to play around with it. Unfortunately there's not much documentation out there yet but with the help of ChatGPT I've got something working. Here is quick 🧠-dump on how to compile everything.
I've set up a fresh Ubuntu 22.04 machine for the entire experiment.
Note: I do not provide support for this.
sudo apt install build-essential libreadline-dev zlib1g-dev flex bison libxml2-dev libxslt1-dev libssl-dev libpam0g-dev libldap2-dev libedit-dev pkg-configwget https://ftp.postgresql.org/pub/source/v18beta1/postgresql-18beta1.tar.gz
tar -xzf postgresql-18beta1.tar.gzNote: It's important to add --with-libcurl because this also enables OAuth support.
cd postgresql-18beta1
./configure --prefix=/usr/local/pgsql18 --with-openssl --with-libcurlmake -j$(nproc)
sudo make installsudo adduser postgres
sudo mkdir /usr/local/pgsql18/data
sudo chown postgres /usr/local/pgsql18/datasudo -u postgres /usr/local/pgsql18/bin/initdb -D /usr/local/pgsql18/dataNote: I just copied the one from the PostgreSQL repo's test suite. This module permits everyone.
cd ./my_oauth_validator
make
sudo make installsudo nano /usr/local/pgsql18/data/postgresql.confConfigure this:
oauth_validator_libraries = 'jwt_validator'
sudo nano /usr/local/pgsql18/data/pg_hba.confDisable the other local login methods and add:
host all all 0.0.0.0/0 oauth scope=openid issuer=https://login.your-server.com validator=jwt_validator
sudo -u postgres /usr/local/pgsql18/bin/pg_ctl -D /usr/local/pgsql18/data start/usr/local/pgsql18/bin/psql -Atx "host=localhost port=5432 dbname=postgres user=postgres oauth_issuer=https://login.your-server.com oauth_client_id=postgres"This will give you a device login prompt.
sudo -u postgres /usr/local/pgsql18/bin/pg_ctl -D /usr/local/pgsql18/data stop