Submitted by Style Pass, 2024-10-30 15:00:02

pg_session_jwt is a PostgreSQL extension designed to handle authenticated sessions through a JWT. This JWT is then verified against a JWK (JSON Web Key) to ensure its authenticity.

The JWK can only be set at postmaster startup, from the configuration file, or by client request in the connection startup packet (e.g., from libpq's PGOPTIONS variable), whereas the JWT can be set at any time at runtime. The extension then stores the JWT in the database for later retrieval, and exposes functions to retrieve the user ID (the "sub" subject field) and other parts of the payload.

The goal of this extension is to provide a secure and efficient way to manage authenticated sessions in a PostgreSQL database. The JWTs can be generated by third-party auth providers, and then developers can leverage the JWT for Row Level Security (RLS) policies, or to retrieve the user ID for other purposes (column defaults, filters, etc.).

Before calling the extension's functions, make sure that the pg_session_jwt.jwk parameter is properly initialized. libpq connection options can be used for that.
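The following sketch shows how the user ID from the JWT can drive an RLS policy and a column default. It is an added example, not code from this page or from the project. The function names auth.init(), auth.jwt_session_init() and auth.user_id() are taken from the extension's README as an assumption, since this page does not list them, and the table and policy names are hypothetical.

```sql
-- Added example. Assumes the connection was opened with pg_session_jwt.jwk
-- already set (configuration file or startup packet, e.g. via PGOPTIONS),
-- because the JWK cannot be changed once the session is running.

CREATE EXTENSION IF NOT EXISTS pg_session_jwt;

-- Hypothetical table: each row is owned by the JWT subject that created it.
CREATE TABLE todos (
    id       bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    owner_id text   NOT NULL DEFAULT auth.user_id(),  -- "sub" of the session JWT
    task     text   NOT NULL
);

-- Without FORCE, the table owner is not subject to the policies.
-- Superusers and roles with BYPASSRLS skip them in either case,
-- so the application must connect as an ordinary role.
ALTER TABLE todos ENABLE ROW LEVEL SECURITY;
ALTER TABLE todos FORCE ROW LEVEL SECURITY;

-- USING filters rows that can be read, updated or deleted;
-- WITH CHECK rejects writes that would assign a row to another subject.
CREATE POLICY todos_owner_only ON todos
    FOR ALL
    USING      (owner_id = auth.user_id())
    WITH CHECK (owner_id = auth.user_id());

-- Per session, after connecting with the JWK set:
SELECT auth.init();                                       -- load the JWK for this session
SELECT auth.jwt_session_init('<JWT from auth provider>'); -- placeholder, not a real token
SELECT auth.user_id();                                    -- subject the policies will use

INSERT INTO todos (task) VALUES ('rotate signing key');   -- owner_id filled by the default
SELECT id, task FROM todos;                               -- only this subject's rows
```

Because the JWK is fixed at connection time while the JWT can be replaced at runtime, a pooled connection should have its JWT set again for each end user before any query on the protected tables runs.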
