Update SCRAM dependency to 3.0

[jorsol]

Feature Request

A new release of the SCRAM dependency is available, update the dependency to version 3.0.

[mp911de]

Thanks a lot for letting us know. The stage-based approach to SCRAM auth is gone and now requires upfront knowledge of whether we want to authenticate via password or a key. Also, the changes look non-trivial.

[jorsol]

Thanks a lot for letting us know. The stage-based approach to SCRAM auth is gone and now requires upfront knowledge of whether we want to authenticate via password or a key. Also, the changes look non-trivial.

The changes are trivial at least to upgrade the current dependency, using the key or salted password is optional and only needed if the client (r2dbc) does some cache upfront.

What is not so trivial is to allow channel binding, this requires access to the SSLSession to extract the client peer certificate and use it on negotiation.

[jorsol]

These are the changes needed to upgrade the dependency: #646

Channel binding support is not implemented yet since it needs access to the connection and I'm not familiar with the codebase here, but the idea is to do something like this:
https://github.com/pgjdbc/pgjdbc/blob/84e538b05693c57953bcdbdb9aa4fcebb6d2184f/pgjdbc/src/main/java/org/postgresql/core/v3/ScramAuthenticator.java#L87-L107

[mp911de]

Wow. It seems that I got some wrong class for starters and hence I assumed more complex. Thank you so much.

Do you have a pointer for the SSL auth config within Postgres so I can give it a spin?

[mp911de]

Thanks for your support. I added channel binding by extracting the first certificate from the SSL session. On a related note, there are setups like Google Cloud that put SSL terminators in front of a Postgres box. For the time being, we're only extracting SSL certificates with direct SSL connections where the server terminates SSL and not an SSL proxy.