Sets the library/libraries to use for validating OAuth connection tokens.
At a glance
| Property | Value |
|---|---|
| Parameter | oauth_validator_libraries |
| Category | Connections and Authentication |
| Default | (see documentation) |
| Value type | string |
| Change scope | Reload (postgresql.conf, SIGHUP) |
| Available in | PostgreSQL 18, 19 (added in 18) |
What it does
Sets the library/libraries to use for validating OAuth connection tokens. If only one validator library is provided, it will be used by default for any OAuth connections; otherwise, all oauth HBA entries must explicitly set a validator chosen from this list. If set to an empty string (the default), OAuth connections will be refused. This parameter can only be set in the postgresql.conf file.
Validator modules must be implemented/obtained separately; PostgreSQL does not ship with any default implementations. For more information on implementing OAuth validators, see oauth_validators.
(Description quoted from the official PostgreSQL documentation.)
How to apply a change
Set it in postgresql.conf (or with ALTER SYSTEM) and reload with SELECT pg_reload_conf(); or pg_ctl reload — no restart needed.
Inspect the current value and source with SHOW oauth_validator_libraries; or SELECT name, setting, unit, context, source FROM pg_settings WHERE name = 'oauth_validator_libraries';.
Tuning guidance
This is a connectivity or security setting, not a performance knob. Choose the value from your security and network requirements (TLS files, ciphers, keepalives, authentication behaviour) rather than for throughput, and verify it against your organization’s policy. Test changes in staging, because a wrong value here can lock clients out.