Description
My concrete use-case would be to issue service accounts in my Kubernetes home lab, connected to both PgDog and PostgreSQL 18, so that I avoid the need for password management and distribution. PgDog sits right next to my app in a sidecar (so no additional password should be needed here (localhost "trust")).
PostgreSQL 18 introduced support for authentication via OAuth tokens:
Although a 3rd-party OAuth Validator is needed at the server side, some implementations already exist, e.g.:
On the client side, the only flow currently available with libpq is the device authorization flow, which is interactive:
For any app-level integration, this is obviously not appropriate and an implementation for the libpq hook type PQAUTHDATA_OAUTH_BEARER_TOKEN is necessary.
As I understand the code, PgDog does not depend on libpq, so it could implement support for it independently.
This issue's focus is on support for the PgDog → PostgreSQL side.
The other scenario would be App → PgDog, with PgDog sitting right next to the PostgreSQL server and serving as a validator of incoming OAuth requests, but this should be a separate issue, I guess.
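
For the PgDog → PostgreSQL direction, a client that does not use libpq has to build the OAUTHBEARER SASL message itself. The sketch below is an added example, not code from PgDog or from this issue: it goes beyond the text by following the RFC 7628 initial-response format and the PostgreSQL `SASLInitialResponse` message layout, and the function names and sample token are hypothetical.

```rust
// Added example: OAUTHBEARER SASLInitialResponse for the PostgreSQL wire protocol.
// Function names and the sample token are hypothetical, not PgDog code.

/// RFC 6750 b64token: 1+ of ALPHA / DIGIT / "-" "." "_" "~" "+" "/", then optional "=" padding.
/// Rejecting anything else keeps the 0x01 separator and other control bytes out of the payload.
fn is_b64token(token: &str) -> bool {
    let body = token.trim_end_matches('=');
    !body.is_empty()
        && body.bytes().all(|b| b.is_ascii_alphanumeric() || b"-._~+/".contains(&b))
}

/// RFC 7628 client initial response: gs2 header "n,," then 0x01-delimited key=value pairs.
fn oauthbearer_initial_response(token: &str) -> Result<Vec<u8>, String> {
    if !is_b64token(token) {
        return Err("bearer token is not a valid b64token".into());
    }
    Ok(format!("n,,\x01auth=Bearer {}\x01\x01", token).into_bytes())
}

/// Frame as SASLInitialResponse: 'p', Int32 length (self-inclusive),
/// mechanism name as C-string, Int32 payload length, payload bytes.
fn sasl_initial_response(token: &str) -> Result<Vec<u8>, String> {
    let payload = oauthbearer_initial_response(token)?;
    let mechanism = b"OAUTHBEARER\0";
    let len = 4 + mechanism.len() + 4 + payload.len();
    let mut msg = Vec::with_capacity(1 + len);
    msg.push(b'p');
    msg.extend_from_slice(&(len as i32).to_be_bytes());
    msg.extend_from_slice(mechanism);
    msg.extend_from_slice(&(payload.len() as i32).to_be_bytes());
    msg.extend_from_slice(&payload);
    Ok(msg)
}

fn main() {
    // Constructed sample token; a sidecar would read the real one from its mounted token file.
    let msg = sasl_initial_response("eyJhbGciOi.constructed.sample").unwrap();
    println!("{} bytes, tag {:?}", msg.len(), msg[0] as char);
    // A token carrying the separator byte is refused instead of being framed.
    assert!(sasl_initial_response("abc\x01x=y").is_err());
}
```

A bearer token is a replayable credential, so a pooler sending this message would want to do so only on a TLS-protected server connection.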