Where the open-source database community meets: Secure your spot at PerconaLive.com
Back to all talks

Don’t OIDC Yourself in the Foot: Postgres 18’s New Auth Explained

Event: PGConf Germany 2026

Location: Essen, Germany

Dates: 21 April 2026 – 22 April 2026

Presentation: 21 April 2026

Link: On event website

Speaker: Zsolt Parragi

Postgres 18 adds native support for OAuth and OpenID Connect (OIDC) authentication, one of the most significant security-related changes in years. While widespread adoption will take time, since the feature requires client-side support and external validators, it is already possible to experiment with command-line clients like psql together with validators such as pg_oidc_validator.

This talk includes a demo of a minimal setup using Keycloak and pg_oidc_validator, showing how developers and DBAs can start experimenting immediately. We’ll then dive into how PostgreSQL integrates with OIDC under the hood, demystifying the flow from token issuance to database login.

OIDC promises convenience and streamlined “single sign-on,” yet it’s surprisingly easy to deploy insecurely, and sometimes less secure than traditional password-based authentication. This session highlights the most common pitfalls, misconceptions, and misconfigurations seen in OIDC deployments and provides clear guidance on how to avoid them. Attendees will leave with a practical understanding of both the power and the sharp edges of OIDC in Postgres 18.

Speaker card

Don’t OIDC Yourself in the Foot: Postgres 18’s New Auth Explained

Speakers

Zsolt Parragi

Zsolt Parragi

Zsolt joined Percona as a software developer in 2017 and has been working on Percona’s database products ever since, initially focusing on MySQL and later switching to PostgreSQL.

He likes to focus on things that make life easier and safer: encryption, authentication, extensibility, testing, and tooling.

View full profile ›