1:  f36e6becc34 ! 1:  a9a507604c5 oauth: Let validators provide failure DETAILs
    @@ Commit message
     
         Reported-by: Álvaro Herrera <alvherre@kurilemu.de>
         Reported-by: Zsolt Parragi <zsolt.parragi@percona.com>
    +    Reviewed-by: Chao Li <li.evan.chao@gmail.com>
    +    Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
    +    Reviewed-by: Zsolt Parragi <zsolt.parragi@percona.com>
         Discussion: https://postgr.es/m/202601241015.y5uvxd7oxnfs%40alvherre.pgsql
    -    Discussion: TODO
     
      ## doc/src/sgml/oauth-validators.sgml ##
     @@
    @@ doc/src/sgml/oauth-validators.sgml
           <listitem>
            <para>
     -       Modules may use the same <link linkend="error-message-reporting">logging
    -+       To simply log the reason for a validation failure, validators may set
    -+       the freeform <structfield>error_detail</structfield> field during the
    -+       <xref linkend="oauth-validator-callback-validate"/>. This is printed only
    -+       to the server log, as part of the final authentication failure message,
    -+       and it is not shared with the client.
    ++       To simply log the reason for a validation failure, modules may set the
    ++       freeform <structfield>error_detail</structfield> field during the
    ++       <link linkend="oauth-validator-callback-validate">validate callback</link>.
    ++       (<xref linkend="error-style-guide"/> has guidelines for writing good
    ++       <literal>DETAIL</literal> messages.) <structfield>error_detail</structfield>
    ++       is printed only to the server log, as part of the final authentication
    ++       failure message, and it is not shared with the client.
     +      </para>
     +      <para>
     +       Modules may also use the same <link linkend="error-message-reporting">logging
    @@ src/backend/libpq/auth-oauth.c: struct oauth_ctx
      /* Constants seen in an OAUTHBEARER client initial response. */
      #define KVSEP 0x01				/* separator byte for key/value pairs */
     @@ src/backend/libpq/auth-oauth.c: oauth_exchange(void *opaq, const char *input, int inputlen,
    - 				errmsg("malformed OAUTHBEARER message"),
    - 				errdetail("Message contains additional data after the final terminator."));
    - 
    --	if (!validate(ctx->port, auth))
    -+	if (!validate(ctx->port, auth, logdetail))
    + 		ctx->state = OAUTH_STATE_ERROR_DISCOVERY;
    + 		status = PG_SASL_EXCHANGE_CONTINUE;
    + 	}
    +-	else if (!validate(ctx->port, auth))
    ++	else if (!validate(ctx->port, auth, logdetail))
      	{
      		generate_error_response(ctx, output, outputlen);
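Review bot: Nothing at the `else if (!validate(ctx->port, auth, logdetail))` call in oauth_exchange records that the validator-supplied detail is for the server log only, even though the failure branch goes straight on to build the client-facing reply with `generate_error_response(ctx, output, outputlen)`. The SGML change in this commit promises that `error_detail` "is not shared with the client", so the call site should carry that invariant too, for example `/* logdetail carries validator-written text for the server log only; it must never be copied into the error response sent to the client. */`. Because the field is freeform and written by third-party modules, the comment on `validate()` could also say that it should hold a reason, not the bearer token or other credential material; whether the token could end up there depends on the validator and is not visible in this hunk. The body of oauth_exchange starts and ends outside the hunk, so how `logdetail` is allocated and later consumed cannot be checked from here.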
      
    @@ src/backend/libpq/auth.c: ClientAuthentication(Port *port)
      			status = STATUS_OK;
      			break;
      		case uaOAuth:
    --			status = CheckSASLAuth(&pg_be_oauth_mech, port, NULL, NULL);
    -+			status = CheckSASLAuth(&pg_be_oauth_mech, port, NULL, &logdetail);
    +-			status = CheckSASLAuth(&pg_be_oauth_mech, port, NULL, NULL,
    ++			status = CheckSASLAuth(&pg_be_oauth_mech, port, NULL, &logdetail,
    + 								   &abandoned);
      			break;
      	}
    - 
     
      ## src/test/modules/oauth_validator/t/001_server.pl ##
     @@ src/test/modules/oauth_validator/t/001_server.pl: $node->connect_fails(
