On Sat, Jan 24, 2026 at 6:50 AM Álvaro Herrera <alvherre@kurilemu.de> wrote:
> But the code suggests that the module worked fine and made the
> determination not to authorize the user. If that's so, then why do we
> have the errdetail at all? Can't we just get rid of it and let the
> errmsg stand on its own merit?
For that code path I suspect we could get rid of the entire message,
because of what you mentioned later: auth_failed() is already going to
give us that. The validator can log what's important if needed, or
not. We could add some DEBUGs, maybe, so that you can still figure out
what's going on if a validator fails silently?
> Here it seems the validator did indeed have an internal problem of some
> sort, because while it did declare that the user was authorized, it did
> not provide what we were expecting from it. Should in this case the
> errmsg() be different?
Yeah, I think so. The errdetail should probably become the errmsg,
essentially (but with more context).
Thanks,
--Jacob
