You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
- Proper installation steps, updated step 1 with readme info and remove step 2
- Reordered TOC to put OIDC first
- create a snippet folder with proper oidc authentication flow which can be modified any time to render immediately as opposed to having an svg, using mermaid.
- standardize the external identity providers, making a list of them is too bloaty.
Copy file name to clipboardExpand all lines: docs/solutions/authentication/oidc.md
+15-17Lines changed: 15 additions & 17 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,9 +2,9 @@
2
2
3
3
[OpenID Connect :octicons-link-external-16:](https://openid.net/developers/how-connect-works/) (or OIDC) authentication allows you to authenticate using tokens issued by an external identity provider. Instead of managing database passwords, you can delegate authentication to centralized identity services.
4
4
5
-
Percona Distribution for PostgreSQL integrates OIDC authentication using the pg_oidc_validator library, which validates OIDC tokens during client authentication.
5
+
Percona Distribution for PostgreSQL integrates OIDC authentication using the `pg_oidc_validator` library, which validates OIDC tokens during client authentication.
6
6
7
-
The library is compatible with standard OIDC providers.
7
+
The library is compatible with any identity provider that implements the OIDC standard.
8
8
9
9
For configuration details and source code, see the [pg_oidc_validator project :octicons-link-external-16:](https://github.com/Percona-Lab/pg_oidc_validator).
10
10
@@ -34,7 +34,7 @@ OIDC authentication works as follows:
34
34
35
35
The following diagram shows how OIDC authentication works between the client, the identity provider, and PostgreSQL:
A C++23 compiler and standard library is required to build pg_oidc_validator.
64
+
61
65
2. Edit `postgresql.conf` and add the validator library:
62
66
63
67
```ini
@@ -79,11 +83,5 @@ Follow these steps to set up OIDC authentication for your PostgreSQL database.
79
83
*`scope` is the required OIDC scope
80
84
*`issuer` is the URL of the OIDC identity provider
81
85
82
-
4. Restart PostgreSQL for the changes to take effect:
83
-
84
-
```bash
85
-
sudo systemctl restart postgresql-{{pgversion}}
86
-
```
87
-
88
86
!!! important
89
-
PostgreSQL does not issue OIDC tokens. Clients must obtain an access token from an external identity provider such as Keycloak, Okta, or Microsoft Entra ID before connecting.
87
+
PostgreSQL does not issue OIDC tokens. Clients must obtain an access token from an external identity provider before connecting.
0 commit comments