commit f21c1b8aecc2a7e8baa1b1b004055eabb057403b Author: Jacob Champion Date: Tue Mar 10 12:58:05 2026 XXX polite libpq diff --git a/src/interfaces/libpq/fe-auth-oauth.c b/src/interfaces/libpq/fe-auth-oauth.c index 2aef327c68b..562c8595c32 100644 --- a/src/interfaces/libpq/fe-auth-oauth.c +++ b/src/interfaces/libpq/fe-auth-oauth.c @@ -1400,7 +1400,7 @@ reconnect: */ libpq_append_conn_error(conn, "retrying connection with new bearer token"); conn->oauth_want_retry = true; - return SASL_FAILED; + return SASL_COMPLETE; } static bool diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c index db9b4c8edbf..151d4096f32 100644 --- a/src/interfaces/libpq/fe-connect.c +++ b/src/interfaces/libpq/fe-connect.c @@ -4130,6 +4130,17 @@ keep_going: /* We will come back to here until there is /* Handle errors. */ if (beresp == PqMsg_ErrorResponse) { + /* + * OAuth connections may perform two-step discovery, where + * the first connection is a dummy. We expect a failure + * message to end the SASL exchange from the server side. + */ + if (conn->sasl == &pg_oauth_mech && conn->oauth_want_retry) + { + need_new_connection = true; + goto keep_going; + } + if (pqGetErrorNotice3(conn, true)) { libpq_append_conn_error(conn, "received invalid error message"); @@ -4243,19 +4254,7 @@ keep_going: /* We will come back to here until there is conn->inStart = conn->inCursor; if (res != STATUS_OK) - { - /* - * OAuth connections may perform two-step discovery, where - * the first connection is a dummy. - */ - if (conn->sasl == &pg_oauth_mech && conn->oauth_want_retry) - { - need_new_connection = true; - goto keep_going; - } - goto error_return; - } /* * Just make sure that any data sent by pg_fe_sendauth is