From 5cc87df856f40b575ee3f608da1669841c755491 Mon Sep 17 00:00:00 2001
From: Zsolt Parragi <zsolt.parragi@cancellar.hu>
Date: Sun, 7 Sep 2025 19:40:36 +0100
Subject: [PATCH] OIDC client should work with Google OAuth

Currently the OIDC client code fails when used with Google OAuth,
for two separate reasons:

* If we provide a client secret, both the id and the secret parameter
  are only sent as HTTP Basic authentication parameters, but the Google
  API always requires the id parameter in the request body and throws an
  error.
  If we don't provide a secret, the id is in the body, but there's no
  secret so we get an error again.
  By always including the id in the body this is easily fixed.
* Google returns HTTP 428 (Precondition required) while waiting for the
  user to enter the code, and this status code isn't handled in the
  code.
  Also easily fixable, with this patch the wait loop also allows this.
---
 src/interfaces/libpq-oauth/oauth-curl.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/interfaces/libpq-oauth/oauth-curl.c b/src/interfaces/libpq-oauth/oauth-curl.c
index aa50b00d053..72d0f1459f8 100644
--- a/src/interfaces/libpq-oauth/oauth-curl.c
+++ b/src/interfaces/libpq-oauth/oauth-curl.c
@@ -2347,12 +2347,13 @@ add_client_identification(struct async_ctx *actx, PQExpBuffer reqbody, PGconn *c
 		 * If we're not otherwise authenticating, client_id is REQUIRED in the
 		 * request body.
 		 */
-		build_urlencoded(reqbody, "client_id", oauth_client_id);
 
 		CHECK_SETOPT(actx, CURLOPT_HTTPAUTH, CURLAUTH_NONE, goto cleanup);
 		actx->used_basic_auth = false;
 	}
 
+	build_urlencoded(reqbody, "client_id", oauth_client_id);
+
 	success = true;
 
 cleanup:
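Review bot: The comment kept at the top of this else branch, "If we're not otherwise authenticating, client_id is REQUIRED in the request body", is now stale and misplaced: it sits above the `CURLOPT_HTTPAUTH` reset, while the `build_urlencoded(reqbody, "client_id", oauth_client_id)` call it described now runs after the if/else on both paths. I would move it down to the new call and reword it, for example `/* Always send client_id in the body; some providers (e.g. Google) require it even when HTTP Basic carries the credentials. */`. Separately, this changes the request sent to every provider whenever a secret is configured, and RFC 6749 section 2.3.1 forbids more than one client authentication method per request. A bare client_id is not a credential, but a strict server could plausibly reject the duplicate, so the Basic-auth path deserves a regression test against the providers already supported. The body of add_client_identification starts before the hunk.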
@@ -2517,7 +2518,7 @@ finish_token_request(struct async_ctx *actx, struct token *tok)
 	 * return which would violate the specification. For now we stick to the
 	 * specification but we might have to revisit this.
 	 */
-	if (response_code == 400 || response_code == 401)
+	if (response_code == 400 || response_code == 401 || response_code == 428)
 	{
 		if (!parse_token_error(actx, &tok->err))
 			return false;
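Review bot: Accepting 428 here contradicts the comment directly above the condition, whose visible tail still says "For now we stick to the specification". The comment should record the exception, e.g. `* Google answers 428 (Precondition Required) while the user has not yet entered the code, so that status is accepted as well.` The check also admits 428 from any provider, not only as the pending-authorization signal, so it relies on parse_token_error (not visible in this hunk) to reject a 428 body that is not a well-formed OAuth error object. That is worth confirming, since the body is server-controlled input. Both the comment and finish_token_request begin outside the hunk.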
-- 
2.43.0

