Home > mailing lists

[OAuth2] Infrastructure for tracking token expiry time - Mailing list pgsql-hackers

From	Ajit Awekar
Subject	[OAuth2] Infrastructure for tracking token expiry time
Date	February 16 12:10:36
Msg-id	CAER375PhG5an=p1=6QS6vWi=BHxR+ViJmYPDkkEtpgVsfCcu_w@mail.gmail.com Whole thread
Responses	Re: [OAuth2] Infrastructure for tracking token expiry time
List	pgsql-hackers

Tree view

Hi Hackers,

Currently, during OAuth2 authentication, the ValidatorModuleResult structure allows a validator(extension) to return the authentication status and the authn_id.
However, we ignore the token expiry time (exp claim).

Once a token is validated, the backend has no record of when that token actually expires. A session can remain open indefinitely even if the underlying access token has expired shortly after the connection was established.

This patch adds the infrastructure to capture and store this expiration timestamp within the backend session state. It does not implement an enforcement policy (such as auto-termination).

Request a review.

Thanks & Best Regards,
Ajit

Attachment

password_expiry_oauth.diff

pgsql-hackers by date:

From: Bertrand Drouvot
Date: 16 February, 12:01:49
Subject: Re: rename and move AssertVariableIsOfType

From: vignesh C
Date: 16 February, 12:14:41
Subject: Re: [Proposal] Adding Log File Capability to pg_createsubscriber

[OAuth2] Infrastructure for tracking token expiry time - Mailing list pgsql-hackers

Attachment

Previous

Next