From d2e7d2a09d7d17656418f8c859074db690af19ec Mon Sep 17 00:00:00 2001
From: Jacob Champion
Date: Tue, 29 Apr 2025 13:08:24 -0700
Subject: oauth: Disallow OAuth connections via postgres_fdw/dblink

A subsequent commit will reclassify oauth_client_secret from dispchar="" to dispchar="*", so that UIs will treat it like a secret. For our FDWs, this change will move that option from SERVER to USER MAPPING, which we need to avoid. But upon further discussion, we don't really want our FDWs to use our builtin Device Authorization flow at all, for several reasons:

- the URL and code would be printed to the server logs, not sent over the client connection
- tokens are not cached/refreshed, so every single connection has to be manually authorized by a user with a browser
- oauth_client_secret needs to belong to the foreign server, but options on SERVER are publicly accessible
- all non-superusers would need password_required=false, which is dangerous

Future OAuth work can use FDWs as a motivating use case. But for now, disallow all oauth_* connection options for these two extensions.

Reviewed-by: Noah Misch
Discussion: https://postgr.es/m/20250415191435.55.nmisch%40google.com
---
 contrib/postgres_fdw/sql/postgres_fdw.sql | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'contrib/postgres_fdw/sql/postgres_fdw.sql')

diff --git a/contrib/postgres_fdw/sql/postgres_fdw.sql b/contrib/postgres_fdw/sql/postgres_fdw.sql
index ea6287b03fd..1f27260bafe 100644
--- a/contrib/postgres_fdw/sql/postgres_fdw.sql
+++ b/contrib/postgres_fdw/sql/postgres_fdw.sql
@@ -213,6 +213,14 @@ ALTER USER MAPPING FOR public SERVER testserver1
 ALTER USER MAPPING FOR public SERVER testserver1
  OPTIONS (ADD sslkey 'value', ADD sslcert 'value');
 
+-- OAuth options are not allowed in either context
+ALTER SERVER testserver1 OPTIONS (ADD oauth_issuer 'https://example.com');
+ALTER SERVER testserver1 OPTIONS (ADD oauth_client_id 'myID');
+ALTER USER MAPPING FOR public SERVER testserver1
+ OPTIONS (ADD oauth_issuer 'https://example.com');
+ALTER USER MAPPING FOR public SERVER testserver1
+ OPTIONS (ADD oauth_client_id 'myID');
+
 ALTER FOREIGN TABLE ft1 OPTIONS (schema_name 'S 1', table_name 'T 1');
 ALTER FOREIGN TABLE ft2 OPTIONS (schema_name 'S 1', table_name 'T 1');
 ALTER FOREIGN TABLE ft1 ALTER COLUMN c1 OPTIONS (column_name 'C 1');
-- 
cgit v1.2.3
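Review bot: The added negative cases exercise only oauth_issuer and oauth_client_id, so oauth_client_secret has no rejection test in either context, although the commit message singles it out as the option that must not end up in publicly readable SERVER options. The validator change is not visible on this page, so whether it matches by prefix or by an explicit list cannot be confirmed here; if it is a list, a later omission of the secret would pass this test unnoticed. I would add `ALTER SERVER testserver1 OPTIONS (ADD oauth_client_secret 'dummy');` together with the matching two-line USER MAPPING statement (the value is a constructed placeholder). The comment could also state the expectation explicitly, for example `-- OAuth options are rejected for both SERVER and USER MAPPING; every statement below must fail`, so a reader of the .sql file alone knows that success here would leave the option set on testserver1 for the rest of the run.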