Connection Parameters: OAuth Client ID, Secret, and Scope

</warning> </listitem> </varlistentry> <varlistentry id="libpq-connect-oauth-client-id" xreflabel="oauth_client_id"> <term><literal>oauth_client_id</literal></term> <listitem> <para> An OAuth 2.0 client identifier, as issued by the authorization server. If the <productname>PostgreSQL</productname> server <link linkend="auth-oauth">requests an OAuth token</link> for the connection (and if no <link linkend="libpq-oauth-authdata-hooks">custom OAuth hook</link> is installed to provide one), then this parameter must be set; otherwise, the connection will fail. </para> </listitem> </varlistentry> <varlistentry id="libpq-connect-oauth-client-secret" xreflabel="oauth_client_secret"> <term><literal>oauth_client_secret</literal></term> <listitem> <para> The client password, if any, to use when contacting the OAuth authorization server. Whether this parameter is required or not is determined by the OAuth provider; "public" clients generally do not use a secret, whereas "confidential" clients generally do. </para> </listitem> </varlistentry> <varlistentry id="libpq-connect-oauth-scope" xreflabel="oauth_scope"> <term><literal>oauth_scope</literal></term> <listitem> <para> The scope of the access request sent to the authorization server, specified as a (possibly empty) space-separated list of OAuth scope identifiers. This parameter is optional and intended for advanced usage. </para> <para> Usually the client will obtain appropriate scope settings from the <productname>PostgreSQL</productname> server. If this parameter is used, the server's requested scope list will be ignored. This can prevent a less-trusted server from requesting inappropriate access scopes from the end user. However, if the client's scope setting does not contain the server's required scopes, the server is likely to reject the issued token, and the connection will fail. </para> <para> The meaning of an empty scope list is provider-dependent. An OAuth authorization server may choose to issue a token with "default scope", whatever that happens to be, or it may reject the token request entirely. </para> </listitem> </varlistentry> </variablelist> </para> </sect2> </sect1> <sect1 id="libpq-status"> <title>Connection Status Functions</title> <para> These functions can be used to interrogate the status of an existing database connection object. </para> <tip> <para> <indexterm><primary>libpq-fe.h</primary></indexterm> <indexterm><primary>libpq-int.h</primary></indexterm> <application>libpq</application> application programmers should be careful to maintain the <structname>PGconn</structname> abstraction. Use the accessor functions described below to get at the contents of <structname>PGconn</structname>. Reference to internal <structname>PGconn</structname> fields using <filename>libpq-int.h</filename> is not recommended because they are subject to change in the future. </para> </tip> <para> The following functions return parameter values established at connection. These values are fixed for the life of the connection. If a multi-host connection string is used, the values of <xref linkend="libpq-PQhost"/>, <xref linkend="libpq-PQport"/>, and <xref linkend="libpq-PQpass"/> can change if a new connection is established using the same <structname>PGconn</structname> object. Other values are fixed for the lifetime of the <structname>PGconn</structname> object. <variablelist> <varlistentry id="libpq-PQdb"> <term><function>PQdb</function><indexterm><primary>PQdb</primary></indexterm></term> <listitem> <para>

This section details the 'oauth_client_id', 'oauth_client_secret', and 'oauth_scope' connection parameters for OAuth authentication. 'oauth_client_id' is the OAuth 2.0 client identifier. 'oauth_client_secret' is the client password used when contacting the OAuth authorization server. 'oauth_scope' specifies the scope of the access request, and is for advanced usage, since the server usually provides appropriate scope settings.