Amazon RDS auth tokens in .pgpass - Mailing list pgsql-admin

From Nicholas Chammas
Subject Amazon RDS auth tokens in .pgpass
Date
Msg-id CAOhmDze1nqG2vfegpSsTFCgaiFRsqgjO6yLsbmhroz2zGmJHog@mail.gmail.com
Responses Re: Amazon RDS auth tokens in .pgpass  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-admin
I suspect there are some restrictions on the kind of data you can put in .pgpass that are not documented sufficiently here: https://www.postgresql.org/docs/12/libpq-pgpass.html

I am trying to connect to a Postgres database on Amazon RDS using IAM authentication. This works by having IAM generate an authentication token that you use as the password for the database user you're connecting as. You can read more about this here: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.Connecting.AWSCLI.PostgreSQL.html

Here's an example of what one of these auth tokens looks like (with some of the sections redacted/altered from a real token):

```
```

That whole thing is the password for `someuser`.

Now, I know that .pgpass works for me because I can use it to connect to another user that has a regular-looking password like `some-password-123`. And I know that using these auth tokens with `someuser` also works because psql successfully connects to that user if I provide the auth token via the `PGPASSWORD` environment variable.

It's only the combination of a) .pgpass and b) RDS auth token that doesn't work. This leads me to believe something is going wrong on a code path specific to .pgpass, or that there are some undocumented restrictions on what can go in .pgpass.

The docs do instruct:

> If an entry needs to contain : or \, escape this character with \.

So I tried escaping the one `:` character in the auth token with a backslash, but that didn't help. Thinking that perhaps there are other characters that might need escaping, I also tried escaping every character in the auth token -- i.e. `\s\o\m\e\-\h\o\s\t\.\u\s...` -- but that didn't work either. psql fails to connect with:

```
psql: error: could not connect to server: FATAL:  PAM authentication failed for user "someuser"
```

Are the docs on .pgpass missing something? Is there perhaps a bug in how .pgpass is being parsed?

Nick
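
Added example, not part of the message above and not libpq's code: a Python model of the escaping rule quoted from the docs. It builds a .pgpass entry for a token-shaped password, parses it back, and writes the file with owner-only permissions. The token, host, database name and function names are constructed for illustration.

```python
import os

# Constructed, token-shaped password (not a real RDS token): one ':' plus URL characters.
SAMPLE_TOKEN = ("some-host.us-east-1.rds.amazonaws.com:5432/?Action=connect"
                "&DBUser=someuser&X-Amz-Signature=CONSTRUCTED")

def escape_field(value):
    """Escape '\\' first, then ':', per the documented .pgpass rule."""
    return str(value).replace("\\", "\\\\").replace(":", "\\:")

def format_line(host, port, db, user, password):
    """Build one hostname:port:database:username:password entry."""
    return ":".join(escape_field(f) for f in (host, port, db, user, password))

def parse_line(line):
    """Model of the documented rule (not libpq's code): split on unescaped ':'."""
    fields, cur, i = [], [], 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])   # keep the escaped character literally
            i += 2
            continue
        if ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    fields.append("".join(cur))
    return fields

def write_pgpass(path, line):
    """Write the entry with mode 0600; libpq ignores a group/world-readable file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(line + "\n")
    os.chmod(path, 0o600)  # tighten a pre-existing file too

if __name__ == "__main__":
    host = "some-host.us-east-1.rds.amazonaws.com"
    line = format_line(host, 5432, "somedb", "someuser", SAMPLE_TOKEN)
    assert parse_line(line)[4] == SAMPLE_TOKEN  # the escaping round-trips
    print(line)
    print("entry length in bytes:", len(line.encode()))
```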
