Home Explore Blog CI



postgresql

37th chunk of `doc/src/sgml/client-auth.sgml`
366945e6535eac04cc88b25c4e206c165a0c12f25ec214ec000000010000080b
 linkend="guc-oauth-validator-libraries" />.  This parameter is
        optional unless <literal>oauth_validator_libraries</literal> contains
        more than one library, in which case it is required.
       </para>
      </listitem>
     </varlistentry>

     <varlistentry>
      <term><literal>map</literal></term>
      <listitem>
       <para>
        Allows for mapping between OAuth identity provider and database user
        names.  See <xref linkend="auth-username-maps"/> for details.  If a
        map is not specified, the user name associated with the token (as
        determined by the OAuth validator) must exactly match the role name
        being requested.  This parameter is optional.
       </para>
      </listitem>
     </varlistentry>

     <varlistentry>
      <term id="auth-oauth-delegate-ident-mapping" xreflabel="delegate_ident_mapping">
       <literal>delegate_ident_mapping</literal>
      </term>
      <listitem>
       <para>
        An advanced option which is not intended for common use.
       </para>
       <para>
        When set to <literal>1</literal>, standard user mapping with
        <filename>pg_ident.conf</filename> is skipped, and the OAuth validator
        takes full responsibility for mapping end user identities to database
        roles.  If the validator authorizes the token, the server trusts that
        the user is allowed to connect under the requested role, and the
        connection is allowed to proceed regardless of the authentication
        status of the user.
       </para>
       <para>
        This parameter is incompatible with <literal>map</literal>.
       </para>
       <warning>
        <para>
         <literal>delegate_ident_mapping</literal> provides additional
         flexibility in the design of the authentication system, but it also
         requires careful implementation of the OAuth validator, which must
         determine whether the provided token carries sufficient end-user
         privileges in addition to the <link linkend="oauth-validators">standard

Title: OAuth Configuration Parameters: Mapping and Delegation
Summary
This section discusses the 'map' and 'delegate_ident_mapping' parameters in OAuth configuration, which control how OAuth identities are mapped to database user names, and how the OAuth validator handles authentication and authorization, including advanced options for custom mapping and delegation.