Chapter 50. OAuth Validator Modules

   Table of Contents

   50.1. Safely Designing a Validator Module

        50.1.1. Validator Responsibilities
        50.1.2. General Coding Guidelines
        50.1.3. Authorizing Users (Usermap Delegation)

   50.2. Initialization Functions
   50.3. OAuth Validator Callbacks

        50.3.1. Startup Callback
        50.3.2. Validate Callback
        50.3.3. Shutdown Callback

   PostgreSQL provides infrastructure for creating custom modules to
   perform server-side validation of OAuth bearer tokens. Because OAuth
   implementations vary so wildly, and bearer token validation is heavily
   dependent on the issuing party, the server cannot check the token
   itself; validator modules provide the integration layer between the
   server and the OAuth provider in use.

   OAuth validator modules must at least consist of an initialization
   function (see Section 50.2) and the required callback for performing
   validation (see Section 50.3.2).

Warning

   Since a misbehaving validator might let unauthorized users into the
   database, correct implementation is crucial for server safety. See
   Section 50.1 for design considerations.