{"id":9736,"date":"2025-07-11T09:55:21","date_gmt":"2025-07-11T07:55:21","guid":{"rendered":"https:\/\/www.credativ.de\/blog\/credativ-inside\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\/"},"modified":"2025-11-24T19:18:58","modified_gmt":"2025-11-24T18:18:58","slug":"postgresql-18-meets-oauth2-how-native-support-works-with-keycloak","status":"publish","type":"post","link":"https:\/\/www.credativ.de\/en\/blog\/postgresql-en\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\/","title":{"rendered":"PostgreSQL 18 Meets OAuth2: how Native Support Works with Keycloak"},"content":{"rendered":"

\"PostgreSQLWith the release of the beta version of PostgreSQL 18<\/a>, an exciting new feature was introduced: native support for OAuth2. Since I couldn’t find any guide or blog post online showing how to use this feature, I decided out of curiosity to try it out myself. <\/p>\n

I created a new project directory and started experimenting.<\/p>\n

Environment and Objective<\/h2>\n

The goal was to set up PostgreSQL 18<\/strong> Beta with OAuth2 authentication; for the identity provider, I chose Keycloak<\/strong>.<\/p>\n

I decided to use Docker Compose to quickly and easily spin up both services.<\/p>\n

Docker Compose Configuration<\/h2>\n

Here is the docker-compose.yml<\/code>, which I used:<\/p>\n

\n
services<\/span>:<\/span><\/span>\n  mock-oauth2<\/span>:<\/span><\/span>\n    image<\/span>:<\/span> quay.io\/keycloak\/keycloak:24.0<\/span><\/span>\n    command<\/span>:<\/span> start --https-port=8080 --https-key-store-file=\/etc\/x509\/https\/localhost.p12 --https-key-store-password=changeit --import-realm --hostname-strict=false --hostname-url=https:\/\/mock-oauth2:8080<\/span><\/span>\n    ports<\/span>:<\/span><\/span>\n      -<\/span> \"8080:8080\"<\/span><\/span>\n    environment<\/span>:<\/span><\/span>\n      KEYCLOAK_ADMIN<\/span>:<\/span> admin<\/span><\/span>\n      KEYCLOAK_ADMIN_PASSWORD<\/span>:<\/span> admin<\/span><\/span>\n    volumes<\/span>:<\/span><\/span>\n      -<\/span> .\/certs:\/etc\/x509\/https<\/span><\/span>\n      -<\/span> .\/keycloak-realm.json:\/opt\/keycloak\/data\/import\/realm.json<\/span><\/span>\n    networks<\/span>:<\/span><\/span>\n      -<\/span> pgnet<\/span><\/span>\n\n  postgres18<\/span>:<\/span><\/span>\n    build<\/span>:<\/span> .<\/span><\/span>\n    ports<\/span>:<\/span><\/span>\n      -<\/span> \"5432:5432\"<\/span><\/span>\n    environment<\/span>:<\/span><\/span>\n      POSTGRES_PASSWORD<\/span>:<\/span> postgres<\/span><\/span>\n    volumes<\/span>:<\/span><\/span>\n      -<\/span> .\/postgres\/postgresql.conf:\/etc\/postgresql\/postgresql.conf<\/span><\/span>\n      -<\/span> .\/postgres\/pg_hba.conf:\/etc\/postgresql\/pg_hba.conf<\/span><\/span>\n    command<\/span>:<\/span> [<\/span>\"-c\"<\/span>,<\/span> \"config_file=\/etc\/postgresql\/postgresql.conf\"<\/span>]<\/span><\/span>\n    networks<\/span>:<\/span><\/span>\n      -<\/span> pgnet<\/span><\/span>\n\nnetworks<\/span>:<\/span><\/span>\n  pgnet<\/span>:<\/span><\/span>\n    driver<\/span>:<\/span> bridge<\/span><\/span><\/code><\/pre>\n<\/div>\n
PostgreSQL expects a connection to the OAuth2 issuer via HTTPS. The same URL must also be accessible from the host, for example, when using the Keycloak UI. This means the certificate must be valid and trusted on both the host and in the container.  <\/p>\n
The hostname used (e.g., https:\/\/mock-oauth2:8080<\/code>) must be correctly resolvable in both environments.<\/p>\n
For this, I added the following line to my \/etc\/hosts<\/code> file on the host:<\/p>\n
127.0.0.1 mock-oauth2<\/code><\/pre>\n
This allowed both the PostgreSQL container and my host to reach the Keycloak service at https:\/\/mock-oauth2:8080<\/code>.<\/p>\n
TLS Certificate for Keycloak<\/h2>\n
Keycloak absolutely requires an HTTPS endpoint for the OAuth2 issuer URL to be accepted by PostgreSQL.<\/p>\n
For this, I created a self-signed certificate and converted it into a .p12<\/code> keystore package that Keycloak can use.<\/p>\n
The .p12<\/code> certificate is integrated into the container via the following mount:<\/p>\n
\n
volumes<\/span>:<\/span><\/span>\n  -<\/span> .\/certs:\/etc\/x509\/https<\/span><\/span><\/code><\/pre>\n<\/div>\n
In the certs<\/code> directory, there is the localhost.p12<\/code> file, which I created from my self-signed key and certificate as follows:<\/p>\n
\n
openssl<\/span> req -x509<\/span> -nodes<\/span> -days<\/span> 365 \\<\/span><\/span>\n  -newkey<\/span> rsa:2048 \\<\/span><\/span>\n  -keyout<\/span> server.key \\<\/span><\/span>\n  -out<\/span> server.crt \\<\/span><\/span>\n  -subj<\/span> \"\/CN=mock-oauth2\"<\/span> \\<\/span><\/span>\n  -addext<\/span> \"subjectAltName = DNS:mock-oauth2,DNS:localhost,IP:127.0.0.1\"<\/span><\/span><\/code><\/pre>\n<\/div>\n
Keycloak Realm Configuration<\/h2>\n
I created a minimalist realm file for Keycloak. It contains a client named postgres<\/code> and a user with corresponding credentials. <\/p>\n
Content of keycloak-realm.json<\/code>:<\/p>\n
\n
{<\/span><\/span>\n  \"realm\"<\/span>:<\/span> \"pg\"<\/span>,<\/span><\/span>\n  \"enabled\"<\/span>:<\/span> true<\/span>,<\/span><\/span>\n  \"clients\"<\/span>:<\/span> [<\/span><\/span>\n    {<\/span><\/span>\n      \"clientId\"<\/span>:<\/span> \"postgres\"<\/span>,<\/span><\/span>\n      \"enabled\"<\/span>:<\/span> true<\/span>,<\/span><\/span>\n      \"publicClient\"<\/span>:<\/span> false<\/span>,<\/span><\/span>\n      \"redirectUris\"<\/span>:<\/span> [<\/span>\"*\"<\/span>]<\/span>,<\/span><\/span>\n      \"protocol\"<\/span>:<\/span> \"openid-connect\"<\/span>,<\/span><\/span>\n      \"secret\"<\/span>:<\/span> \"postgres\"<\/span>,<\/span><\/span>\n      \"directAccessGrantsEnabled\"<\/span>:<\/span> true<\/span>,<\/span><\/span>\n      \"standardFlowEnabled\"<\/span>:<\/span> true<\/span><\/span>\n    }<\/span><\/span>\n  ]<\/span>,<\/span><\/span>\n  \"users\"<\/span>:<\/span> [<\/span><\/span>\n    {<\/span><\/span>\n      \"username\"<\/span>:<\/span> \"postgres\"<\/span>,<\/span><\/span>\n      \"enabled\"<\/span>:<\/span> true<\/span>,<\/span><\/span>\n      \"credentials\"<\/span>:<\/span> [<\/span><\/span>\n        {<\/span><\/span>\n          \"type\"<\/span>:<\/span> \"password\"<\/span>,<\/span><\/span>\n          \"value\"<\/span>:<\/span> \"postgres\"<\/span><\/span>\n        }<\/span><\/span>\n      ]<\/span><\/span>\n    }<\/span><\/span>\n  ]<\/span><\/span>\n}<\/span><\/span><\/code><\/pre>\n<\/div>\n
After importing the realm, Keycloak was ready and the default scope was visible in the UI.<\/p>\n
Installation of libpq-oauth<\/code> and  oauth_validator<\/code><\/h2>\n
I had to extend the official PostgreSQL image to include additional dependencies such as the extension  libpq-oauth<\/code>  as well as the validator  oauth_validator<\/code>  to install.<\/p>\n
PostgreSQL 18 experimentally supports OAuth2 authentication. However, PostgreSQL does not provide its own validator library<\/strong>. The official documentation states:  <\/p>\n
The PostgreSQL distribution does not include libraries for validating OAuth2 tokens. Users must provide their own solution or compile one themselves. <\/em>
\nPostgreSQL
\nDocs \u2013  oauth_validator_libraries<\/code><\/a><\/p><\/blockquote>\n
For testing, I used the following open-source implementation:<\/p>\n
github.com\/TantorLabs\/oauth_validator<\/a><\/p><\/blockquote>\n
This minimalist C library can be compiled and used as oauth_validator_library<\/code> in PostgreSQL.<\/p>\n
Used Dockerfile<\/h3>\n
\n
FROM<\/span> postgres:18beta1<\/span>\n\nUSER<\/span> root<\/span>\n\nRUN<\/span> apt-get<\/span> update \\<\/span><\/span>\n    &&<\/span> apt-get<\/span> install -y<\/span> libpq-oauth build-essential libkrb5-dev \\<\/span><\/span>\n       libsasl2-dev libcurl4-openssl-dev postgresql-server-dev-18 git \\<\/span><\/span>\n    &&<\/span> git<\/span> clone https:\/\/github.com\/TantorLabs\/oauth_validator.git \/tmp\/oauth_validator \\<\/span><\/span>\n    &&<\/span> cd<\/span> \/tmp\/oauth_validator \\<\/span><\/span>\n    &&<\/span> make<\/span> &&<\/span> make<\/span> install \\<\/span><\/span>\n    &&<\/span> rm<\/span> -rf<\/span> \/tmp\/oauth_validator \\<\/span><\/span>\n    &&<\/span> apt-get<\/span> remove -y<\/span> build-essential git \\<\/span><\/span>\n    &&<\/span> apt-get<\/span> autoremove -y<\/span> &&<\/span> rm<\/span> -rf<\/span> \/var\/lib\/apt\/lists\/*<\/span><\/span><\/code><\/pre>\n<\/div>\n
I then used this image for the `postgres18` service in my Docker Compose setup.<\/p>\n
Making PostgreSQL Trust the Keycloak CA<\/h2>\n
PostgreSQL must trust the certificate presented by Keycloak, otherwise the connection to the OAuth2 issuer will be rejected.<\/p>\n
For this, I copied the `mock-oauth.crt` file into the PostgreSQL container and placed it in the typical CA path:<\/p>\n
\n
\/usr\/local\/share\/ca-certificates\/<\/span><\/span><\/code><\/pre>\n<\/div>\n
Then, inside the container, I executed the following command:<\/p>\n
\n
update-ca-certificates<\/span><\/span><\/code><\/pre>\n<\/div>\n
After that, the certificate was accepted, and PostgreSQL could successfully verify the connection to the HTTPS issuer.<\/p>\n
PostgreSQL Configuration<\/h2>\n
In  pg_hba.conf<\/code> , I added the following line:<\/p>\n
\n
host<\/span> all all all oauth scope=\"profile\"<\/span> issuer=\"https:\/\/mock-oauth2:8080\/realms\/pg\"<\/span> map=\"oauthmap\"<\/span><\/span><\/code><\/pre>\n<\/div>\n
In pg_ident.conf<\/code>, I mapped the identity provided by the token to the PostgreSQL user:<\/p>\n
oauthmap \"postgresID\" \"postgres\"<\/code><\/pre>\n
This mapping may need to be adjusted \u2013 depending on how your Keycloak client is configured and which field (e.g.,
\npreferred_username<\/code>  or sub<\/code>) is passed in the token.<\/p>\n
Connection Test with OAuth2<\/h2>\n
To test the connection, I used the following `psql` command:<\/p>\n
\n
psql<\/span> \"host=localhost <\/span>\\<\/span><\/span>\n      port=5432 <\/span>\\<\/span><\/span>\n      dbname=postgres <\/span>\\<\/span><\/span>\n      user=postgres <\/span>\\<\/span><\/span>\n      oauth_issuer=https:\/\/mock-oauth2:8080\/realms\/pg <\/span>\\<\/span><\/span>\n      oauth_client_id=postgres <\/span>\\<\/span><\/span>\n      oauth_client_secret=changeme <\/span>\\<\/span><\/span>\n      oauth_scope=profile\"<\/span><\/span><\/code><\/pre>\n<\/div>\n
After the call, a device code message appears, such as:<\/p>\n
Visit `https:\/\/mock-oauth2:8080\/realms\/pg\/device` and enter the code FBAD-XXYZ<\/strong>.<\/p><\/blockquote>\n
After logging in with the user credentials, `psql` successfully establishes a connection to PostgreSQL via OAuth2.<\/p>\n
Insights and Tips<\/h2>\n
    \n
  • PostgreSQL 18 requires HTTPS<\/strong> for the OAuth2 issuer URL \u2013 even in a local setup.<\/li>\n
  • pg_hba.conf<\/code>  is sensitive to formatting errors. I had to reload the configuration multiple times (SELECT pg_reload_conf();<\/code>) and carefully analyze the logs. <\/li>\n
  • To trust a local certificate authority, it is sufficient to copy the .crt<\/code> certificate into the container and register it with update-ca-certificates<\/code>.<\/li>\n
  • Keycloak is well-suited for testing with OAuth2, but you may need to experiment with scopes, claims, and secrets until everything aligns with PostgreSQL.<\/li>\n<\/ul>\n
    Conclusion<\/h2>\n
    This was an exciting, practical experiment with a promising new feature in PostgreSQL. OAuth2 integration brings PostgreSQL closer to modern identity management solutions and simplifies operations in environments with centralized authentication. <\/p>\n","protected":false},"excerpt":{"rendered":"
    With the release of the beta version of PostgreSQL 18, an exciting new feature was introduced: native support for OAuth2. Since I couldn’t find any guide or blog post online showing how to use this feature, I decided out of curiosity to try it out myself. I created a new project directory and started experimenting. […]<\/p>\n","protected":false},"author":84,"featured_media":9735,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3,1708],"tags":[2080,1801],"class_list":["post-9736","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-credativ-inside","category-postgresql-en","tag-oauth2","tag-postgresql-en"],"acf":[],"yoast_head":"\nPostgreSQL 18 Meets OAuth2: how Native Support Works with Keycloak - credativ\u00ae<\/title>\n<meta name=\"description\" content=\"PostgreSQL 18 offers native OAuth2 support. Here's how you can use this feature with Docker Compose.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.credativ.de\/en\/blog\/postgresql-en\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"PostgreSQL 18 Meets OAuth2: how Native Support Works with Keycloak\" \/>\n<meta property=\"og:description\" content=\"PostgreSQL 18 offers native OAuth2 support. Here's how you can use this feature with Docker Compose.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.credativ.de\/en\/blog\/postgresql-en\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\/\" \/>\n<meta property=\"og:site_name\" content=\"credativ\u00ae\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/credativDE\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-11T07:55:21+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-24T18:18:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.credativ.de\/wp-content\/uploads\/2025\/07\/Gemini_Generated_Image_rdvsmprdvsmprdvs.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2048\" \/>\n\t<meta property=\"og:image:height\" content=\"2048\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Felix Alipaz-Dicke\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@credativde\" \/>\n<meta name=\"twitter:site\" content=\"@credativde\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Felix Alipaz-Dicke\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/postgresql-en\\\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/postgresql-en\\\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\\\/\"},\"author\":{\"name\":\"Felix Alipaz-Dicke\",\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/#\\\/schema\\\/person\\\/f7368d35ad7a1d1644fe6a02d38e94f0\"},\"headline\":\"PostgreSQL 18 Meets OAuth2: how Native Support Works with Keycloak\",\"datePublished\":\"2025-07-11T07:55:21+00:00\",\"dateModified\":\"2025-11-24T18:18:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/postgresql-en\\\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\\\/\"},\"wordCount\":684,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/postgresql-en\\\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.credativ.de\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/Gemini_Generated_Image_rdvsmprdvsmprdvs.png\",\"keywords\":[\"OAuth2\",\"PostgreSQL\u00ae\"],\"articleSection\":[\"credativ\u00ae Inside\",\"PostgreSQL\u00ae\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/postgresql-en\\\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\\\/#respond\"]}],\"copyrightYear\":\"2025\",\"copyrightHolder\":{\"@id\":\"https:\\\/\\\/www.credativ.de\\\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/postgresql-en\\\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\\\/\",\"url\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/postgresql-en\\\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\\\/\",\"name\":\"PostgreSQL 18 Meets OAuth2: how Native Support Works with Keycloak - credativ\u00ae\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/postgresql-en\\\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/postgresql-en\\\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.credativ.de\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/Gemini_Generated_Image_rdvsmprdvsmprdvs.png\",\"datePublished\":\"2025-07-11T07:55:21+00:00\",\"dateModified\":\"2025-11-24T18:18:58+00:00\",\"description\":\"PostgreSQL 18 offers native OAuth2 support. Here's how you can use this feature with Docker Compose.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/postgresql-en\\\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/postgresql-en\\\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/postgresql-en\\\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.credativ.de\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/Gemini_Generated_Image_rdvsmprdvsmprdvs.png\",\"contentUrl\":\"https:\\\/\\\/www.credativ.de\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/Gemini_Generated_Image_rdvsmprdvsmprdvs.png\",\"width\":2048,\"height\":2048,\"caption\":\"PostgreSQL Meets OAuth2\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/postgresql-en\\\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"PostgreSQL 18 Meets OAuth2: how Native Support Works with Keycloak\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/\",\"name\":\"credativ GmbH\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Organization\",\"Place\"],\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/#organization\",\"name\":\"credativ\u00ae\",\"url\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/\",\"logo\":{\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/postgresql-en\\\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\\\/#local-main-organization-logo\"},\"image\":{\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/postgresql-en\\\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\\\/#local-main-organization-logo\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/credativDE\\\/\",\"https:\\\/\\\/x.com\\\/credativde\",\"https:\\\/\\\/mastodon.social\\\/@credativde\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/credativ-gmbh\",\"https:\\\/\\\/www.instagram.com\\\/credativ\\\/\"],\"description\":\"Die credativ GmbH ist ein f\u00fchrendes, auf Open Source Software spezialisiertes IT-Dienstleistungs- und Beratungsunternehmen. Wir bieten umfassende und professionelle Services, von Beratung und Infrastruktur-Betrieb \u00fcber 24\\\/7 Support bis hin zu individuellen L\u00f6sungen und Schulungen. Unser Fokus liegt auf dem ganzheitlichen Management von gesch\u00e4ftskritischen Open-Source-Systemen, darunter Betriebssysteme (z.B. Linux), Datenbanken (z.B. PostgreSQL), Konfigurationsmanagement (z.B. Ansible, Puppet) und Virtualisierung. Als engagierter Teil der Open-Source-Community unterst\u00fctzen wir unsere Kunden dabei, die Vorteile freier Software sicher, stabil und effizient in ihrer IT-Umgebung zu nutzen.\",\"legalName\":\"credativ GmbH\",\"foundingDate\":\"2025-03-01\",\"duns\":\"316387060\",\"numberOfEmployees\":{\"@type\":\"QuantitativeValue\",\"minValue\":\"11\",\"maxValue\":\"50\"},\"address\":{\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/postgresql-en\\\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\\\/#local-main-place-address\"},\"geo\":{\"@type\":\"GeoCoordinates\",\"latitude\":\"51.1732374\",\"longitude\":\"6.392010099999999\"},\"telephone\":[\"+4921619174200\",\"08002733284\"],\"contactPoint\":{\"@type\":\"ContactPoint\",\"telephone\":\"08002733284\",\"email\":\"vertrieb@credativ.de\"},\"openingHoursSpecification\":[{\"@type\":\"OpeningHoursSpecification\",\"dayOfWeek\":[\"Monday\",\"Tuesday\",\"Wednesday\",\"Thursday\",\"Friday\"],\"opens\":\"09:00\",\"closes\":\"17:00\"},{\"@type\":\"OpeningHoursSpecification\",\"dayOfWeek\":[\"Saturday\",\"Sunday\"],\"opens\":\"00:00\",\"closes\":\"00:00\"}],\"email\":\"info@credativ.de\",\"areaServed\":\"D-A-CH\",\"vatID\":\"DE452151696\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/#\\\/schema\\\/person\\\/f7368d35ad7a1d1644fe6a02d38e94f0\",\"name\":\"Felix Alipaz-Dicke\"},{\"@type\":\"PostalAddress\",\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/postgresql-en\\\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\\\/#local-main-place-address\",\"streetAddress\":\"Hennes-Weisweiler-Allee 23\",\"addressLocality\":\"M\u00f6nchengladbach\",\"postalCode\":\"41179\",\"addressRegion\":\"Deutschland\",\"addressCountry\":\"DE\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/postgresql-en\\\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\\\/#local-main-organization-logo\",\"url\":\"https:\\\/\\\/www.credativ.de\\\/wp-content\\\/uploads\\\/2025\\\/04\\\/credativ-logo-right.svg\",\"contentUrl\":\"https:\\\/\\\/www.credativ.de\\\/wp-content\\\/uploads\\\/2025\\\/04\\\/credativ-logo-right.svg\",\"caption\":\"credativ\u00ae\"}]}<\/script>\n<meta name=\"geo.placename\" content=\"M\u00f6nchengladbach\" \/>\n<meta name=\"geo.position\" content=\"51.1732374;6.392010099999999\" \/>\n<meta name=\"geo.region\" content=\"Germany\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"PostgreSQL 18 Meets OAuth2: how Native Support Works with Keycloak - credativ\u00ae","description":"PostgreSQL 18 offers native OAuth2 support. Here's how you can use this feature with Docker Compose.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.credativ.de\/en\/blog\/postgresql-en\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\/","og_locale":"en_US","og_type":"article","og_title":"PostgreSQL 18 Meets OAuth2: how Native Support Works with Keycloak","og_description":"PostgreSQL 18 offers native OAuth2 support. Here's how you can use this feature with Docker Compose.","og_url":"https:\/\/www.credativ.de\/en\/blog\/postgresql-en\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\/","og_site_name":"credativ\u00ae","article_publisher":"https:\/\/www.facebook.com\/credativDE\/","article_published_time":"2025-07-11T07:55:21+00:00","article_modified_time":"2025-11-24T18:18:58+00:00","og_image":[{"width":2048,"height":2048,"url":"https:\/\/www.credativ.de\/wp-content\/uploads\/2025\/07\/Gemini_Generated_Image_rdvsmprdvsmprdvs.png","type":"image\/png"}],"author":"Felix Alipaz-Dicke","twitter_card":"summary_large_image","twitter_creator":"@credativde","twitter_site":"@credativde","twitter_misc":{"Written by":"Felix Alipaz-Dicke","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.credativ.de\/en\/blog\/postgresql-en\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\/#article","isPartOf":{"@id":"https:\/\/www.credativ.de\/en\/blog\/postgresql-en\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\/"},"author":{"name":"Felix Alipaz-Dicke","@id":"https:\/\/www.credativ.de\/en\/#\/schema\/person\/f7368d35ad7a1d1644fe6a02d38e94f0"},"headline":"PostgreSQL 18 Meets OAuth2: how Native Support Works with Keycloak","datePublished":"2025-07-11T07:55:21+00:00","dateModified":"2025-11-24T18:18:58+00:00","mainEntityOfPage":{"@id":"https:\/\/www.credativ.de\/en\/blog\/postgresql-en\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\/"},"wordCount":684,"commentCount":0,"publisher":{"@id":"https:\/\/www.credativ.de\/en\/#organization"},"image":{"@id":"https:\/\/www.credativ.de\/en\/blog\/postgresql-en\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\/#primaryimage"},"thumbnailUrl":"https:\/\/www.credativ.de\/wp-content\/uploads\/2025\/07\/Gemini_Generated_Image_rdvsmprdvsmprdvs.png","keywords":["OAuth2","PostgreSQL\u00ae"],"articleSection":["credativ\u00ae Inside","PostgreSQL\u00ae"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.credativ.de\/en\/blog\/postgresql-en\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\/#respond"]}],"copyrightYear":"2025","copyrightHolder":{"@id":"https:\/\/www.credativ.de\/#organization"}},{"@type":"WebPage","@id":"https:\/\/www.credativ.de\/en\/blog\/postgresql-en\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\/","url":"https:\/\/www.credativ.de\/en\/blog\/postgresql-en\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\/","name":"PostgreSQL 18 Meets OAuth2: how Native Support Works with Keycloak - credativ\u00ae","isPartOf":{"@id":"https:\/\/www.credativ.de\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.credativ.de\/en\/blog\/postgresql-en\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\/#primaryimage"},"image":{"@id":"https:\/\/www.credativ.de\/en\/blog\/postgresql-en\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\/#primaryimage"},"thumbnailUrl":"https:\/\/www.credativ.de\/wp-content\/uploads\/2025\/07\/Gemini_Generated_Image_rdvsmprdvsmprdvs.png","datePublished":"2025-07-11T07:55:21+00:00","dateModified":"2025-11-24T18:18:58+00:00","description":"PostgreSQL 18 offers native OAuth2 support. Here's how you can use this feature with Docker Compose.","breadcrumb":{"@id":"https:\/\/www.credativ.de\/en\/blog\/postgresql-en\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.credativ.de\/en\/blog\/postgresql-en\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.credativ.de\/en\/blog\/postgresql-en\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\/#primaryimage","url":"https:\/\/www.credativ.de\/wp-content\/uploads\/2025\/07\/Gemini_Generated_Image_rdvsmprdvsmprdvs.png","contentUrl":"https:\/\/www.credativ.de\/wp-content\/uploads\/2025\/07\/Gemini_Generated_Image_rdvsmprdvsmprdvs.png","width":2048,"height":2048,"caption":"PostgreSQL Meets OAuth2"},{"@type":"BreadcrumbList","@id":"https:\/\/www.credativ.de\/en\/blog\/postgresql-en\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.credativ.de\/en\/"},{"@type":"ListItem","position":2,"name":"PostgreSQL 18 Meets OAuth2: how Native Support Works with Keycloak"}]},{"@type":"WebSite","@id":"https:\/\/www.credativ.de\/en\/#website","url":"https:\/\/www.credativ.de\/en\/","name":"credativ GmbH","description":"","publisher":{"@id":"https:\/\/www.credativ.de\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.credativ.de\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Organization","Place"],"@id":"https:\/\/www.credativ.de\/en\/#organization","name":"credativ\u00ae","url":"https:\/\/www.credativ.de\/en\/","logo":{"@id":"https:\/\/www.credativ.de\/en\/blog\/postgresql-en\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\/#local-main-organization-logo"},"image":{"@id":"https:\/\/www.credativ.de\/en\/blog\/postgresql-en\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\/#local-main-organization-logo"},"sameAs":["https:\/\/www.facebook.com\/credativDE\/","https:\/\/x.com\/credativde","https:\/\/mastodon.social\/@credativde","https:\/\/www.linkedin.com\/company\/credativ-gmbh","https:\/\/www.instagram.com\/credativ\/"],"description":"Die credativ GmbH ist ein f\u00fchrendes, auf Open Source Software spezialisiertes IT-Dienstleistungs- und Beratungsunternehmen. Wir bieten umfassende und professionelle Services, von Beratung und Infrastruktur-Betrieb \u00fcber 24\/7 Support bis hin zu individuellen L\u00f6sungen und Schulungen. Unser Fokus liegt auf dem ganzheitlichen Management von gesch\u00e4ftskritischen Open-Source-Systemen, darunter Betriebssysteme (z.B. Linux), Datenbanken (z.B. PostgreSQL), Konfigurationsmanagement (z.B. Ansible, Puppet) und Virtualisierung. Als engagierter Teil der Open-Source-Community unterst\u00fctzen wir unsere Kunden dabei, die Vorteile freier Software sicher, stabil und effizient in ihrer IT-Umgebung zu nutzen.","legalName":"credativ GmbH","foundingDate":"2025-03-01","duns":"316387060","numberOfEmployees":{"@type":"QuantitativeValue","minValue":"11","maxValue":"50"},"address":{"@id":"https:\/\/www.credativ.de\/en\/blog\/postgresql-en\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\/#local-main-place-address"},"geo":{"@type":"GeoCoordinates","latitude":"51.1732374","longitude":"6.392010099999999"},"telephone":["+4921619174200","08002733284"],"contactPoint":{"@type":"ContactPoint","telephone":"08002733284","email":"vertrieb@credativ.de"},"openingHoursSpecification":[{"@type":"OpeningHoursSpecification","dayOfWeek":["Monday","Tuesday","Wednesday","Thursday","Friday"],"opens":"09:00","closes":"17:00"},{"@type":"OpeningHoursSpecification","dayOfWeek":["Saturday","Sunday"],"opens":"00:00","closes":"00:00"}],"email":"info@credativ.de","areaServed":"D-A-CH","vatID":"DE452151696"},{"@type":"Person","@id":"https:\/\/www.credativ.de\/en\/#\/schema\/person\/f7368d35ad7a1d1644fe6a02d38e94f0","name":"Felix Alipaz-Dicke"},{"@type":"PostalAddress","@id":"https:\/\/www.credativ.de\/en\/blog\/postgresql-en\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\/#local-main-place-address","streetAddress":"Hennes-Weisweiler-Allee 23","addressLocality":"M\u00f6nchengladbach","postalCode":"41179","addressRegion":"Deutschland","addressCountry":"DE"},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.credativ.de\/en\/blog\/postgresql-en\/postgresql-18-meets-oauth2-how-native-support-works-with-keycloak\/#local-main-organization-logo","url":"https:\/\/www.credativ.de\/wp-content\/uploads\/2025\/04\/credativ-logo-right.svg","contentUrl":"https:\/\/www.credativ.de\/wp-content\/uploads\/2025\/04\/credativ-logo-right.svg","caption":"credativ\u00ae"}]},"geo.placename":"M\u00f6nchengladbach","geo.position":{"lat":"51.1732374","long":"6.392010099999999"},"geo.region":"Germany"},"_links":{"self":[{"href":"https:\/\/www.credativ.de\/en\/wp-json\/wp\/v2\/posts\/9736","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.credativ.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.credativ.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.credativ.de\/en\/wp-json\/wp\/v2\/users\/84"}],"replies":[{"embeddable":true,"href":"https:\/\/www.credativ.de\/en\/wp-json\/wp\/v2\/comments?post=9736"}],"version-history":[{"count":3,"href":"https:\/\/www.credativ.de\/en\/wp-json\/wp\/v2\/posts\/9736\/revisions"}],"predecessor-version":[{"id":10260,"href":"https:\/\/www.credativ.de\/en\/wp-json\/wp\/v2\/posts\/9736\/revisions\/10260"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.credativ.de\/en\/wp-json\/wp\/v2\/media\/9735"}],"wp:attachment":[{"href":"https:\/\/www.credativ.de\/en\/wp-json\/wp\/v2\/media?parent=9736"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.credativ.de\/en\/wp-json\/wp\/v2\/categories?post=9736"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.credativ.de\/en\/wp-json\/wp\/v2\/tags?post=9736"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}