SCRAM authentication correctness/improvements #710
Description
Bug report
Describe the bug
Currently, Supavisor returns SCRAM errors in the scram-server-final message error field. The message is an arbitrary string. psql, Postgrex, and some other clients handle this gracefully and show this error to the user.
Some other clients have different behaviour:
- node-postgres ignores this error completely and errors due to the
vfield not being present. - pgjdbc (apparently) only accepts the server errors defined in the RFC: https://github.com/ongres/scram/blob/dde95f22d0876d9d6478a75ffc57353c1c31d7a1/scram-common/src/main/java/com/ongres/scram/common/exception/ServerErrorValue.java#L2
Postgres leverages the fact that SCRAM allows you to return non-scram errors instead of returning scram-server-final, to ensure consistency across different auth methods and return "postgres errors" instead of "scram errors", see the comment: https://github.com/postgres/postgres/blob/2047ad068139f0b8c6da73d0b845ca9ba30fb33d/src/backend/libpq/auth-scram.c#L423.
Expected behavior
Align our behaviour with Postgres' to improve the auth errors saw by clients.