Presented by:

Ajit Awekar

from EnterpriseDB

I have been a PostgreSQL database engine developer at EnterpriseDB since 2022. I work on database internals projects for Postgres as well as EPAS (EnterpriseDB Postgres Advanced Server). I have also contributed to PgBouncer FIPS compatibility.

PostgreSQL 18 introduces native support for OAuth 2.0 authentication via the SASL OAUTHBEARER mechanism, elevating its position as a modern resource server. This new feature relies on a pluggable validator module for external token verification, a critical extension point for integrating with diverse Identity Providers (IdPs) like Okta, Keycloak, or custom Single Sign On solutions.

This talk dives into the development and implementation of a custom OAuth2 validator extension for PG18. We'll explore the required C API callbacks and responsibilities of a validator module, which include:

- Token Validation: Implementing logic for either offline validation or online introspection against a provider's endpoint.
- Authorize the client: The validator must ensure that the end user has given the client permission to access the server on their behalf by checking the scopes.
- Authenticate the End User: Handling the integration with PostgreSQL's identity mapping system, including advanced scenarios like delegated identity mapping.
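The scope check from the list above, as an added example that is not from the talk or from PostgreSQL's source: a stand-alone C helper that a validator's token-checking code could call. The function names, the scope names in the comments, and the assumption that the token's granted scopes arrive as a space-delimited string are all illustrative; it matches whole scope names, so a grant of `postgres_admin` does not satisfy a requirement for `postgres`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* True if the scope name [name, name+len) appears as a whole
 * space-delimited entry in list (exact, case-sensitive match). */
static bool
scope_in_list(const char *list, const char *name, size_t len)
{
    const char *p = list;

    while (*p != '\0')
    {
        size_t      n;

        p += strspn(p, " ");    /* skip delimiters */
        n = strcspn(p, " ");    /* length of this entry */
        if (n == len && n > 0 && memcmp(p, name, len) == 0)
            return true;
        p += n;
    }
    return false;
}

/* Hypothetical helper: fail closed, authorizing only when every
 * required scope (e.g. "openid postgres") is among the granted ones. */
bool
scopes_satisfied(const char *granted, const char *required)
{
    const char *p = required;
    bool        saw_one = false;

    if (granted == NULL || required == NULL)
        return false;

    while (*p != '\0')
    {
        size_t      n;

        p += strspn(p, " ");
        n = strcspn(p, " ");
        if (n == 0)
            break;              /* only trailing delimiters were left */
        saw_one = true;
        if (!scope_in_list(granted, p, n))
            return false;       /* one missing scope denies the login */
        p += n;
    }
    return saw_one;             /* an empty requirement authorizes nothing */
}
```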

Attendees will gain a practical understanding of how to leverage PostgreSQL's extensibility to secure database access using modern, passwordless, token-based authentication. We will cover the configuration of the validator in postgresql.conf and pg_hba.conf, and demonstrate the seamless integration with existing IdPs.

Duration: 25 min
Conference: PGConf India, 2026
Track: Database Engine Developers
Difficulty: Medium