OAuth2 Enhancements in pgAdmin

February 03, 2023

pgAdmin supports multiple authentication methods, including OAuth2, for logging in to the app in web mode. We added support for OAuth2 in July 2021. Since then, the development team has enhanced the OAuth2 functionality.


After releasing OAuth2 support, pgAdmin introduced OAuth2 scope configuration. Initially, we supported only two scopes, profile and email; now users can configure as many scopes as they need with the OAUTH2_SCOPE parameter.

Profile Parameter

Next, to support Azure AD OAuth2 authentication, we added mail, in addition to email, as a profile parameter.

Server Metadata URL

After that, we introduced the server metadata URL, which is mandatory for some OAuth2 providers such as Azure AD and Google. Server metadata is a specification that defines a metadata format that an OAuth 2.0 client can use to obtain the information needed to interact with an OAuth 2.0 authorization server, including its endpoint locations and authorization server capabilities. Source: https://www.rfc-editor.org/rfc/rfc8414.html.

Use the 'OAUTH2_SERVER_METADATA_URL' configuration option to set this parameter.

Username Claim

Recently, we introduced an OAuth2 username claim. By default, pgAdmin uses the email address as the username for OAuth2 users, but some profiles may not have an email address. To solve this issue, a configuration parameter, 'OAUTH2_USERNAME_CLAIM', was added. If this parameter is set, pgAdmin uses that field as the username; otherwise it defaults to the email address.

Here is a sample pgAdmin OAuth2 configuration for Google.

    # OAUTH2_CONFIG is a list with one dictionary per provider.
    OAUTH2_CONFIG = [
        {
            'OAUTH2_NAME': 'google',
            'OAUTH2_DISPLAY_NAME': 'Google',
            # Placeholders: use the client ID and secret issued by the provider.
            'OAUTH2_CLIENT_ID': 'xxxxxxxx',
            'OAUTH2_CLIENT_SECRET': 'xxxxxxxx',
            'OAUTH2_TOKEN_URL': 'https://oauth2.googleapis.com/token',
            'OAUTH2_AUTHORIZATION_URL': 'https://accounts.google.com/o/oauth2/auth',
            'OAUTH2_API_BASE_URL': 'https://openidconnect.googleapis.com/v3/',
            'OAUTH2_SERVER_METADATA_URL': 'https://accounts.google.com/.well-known/openid-configuration',
            'OAUTH2_USERINFO_ENDPOINT': 'userinfo',
            'OAUTH2_ICON': 'fa-google',
            'OAUTH2_BUTTON_COLOR': '#3253a8',
            'OAUTH2_SCOPE': 'openid email'
        }
    ]

Note: Multiple OAuth2 provider configurations are supported too.
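A consistency check for a provider entry like the one above, as an added example (not pgAdmin code): the hypothetical helper `lint_oauth2_entry` compares one entry against the metadata document served at its OAUTH2_SERVER_METADATA_URL. The provider `idp.example.com`, its metadata and both sample entries are constructed, and fetching the document is left out so the check runs offline.

```python
from urllib.parse import urlsplit

OIDC_SUFFIX = "/.well-known/openid-configuration"
ENDPOINT_FIELDS = {"OAUTH2_TOKEN_URL": "token_endpoint",
                   "OAUTH2_AUTHORIZATION_URL": "authorization_endpoint"}

def lint_oauth2_entry(cfg, metadata):
    """Hypothetical helper: list inconsistencies between one provider entry and its metadata."""
    findings = []
    # Tokens and the client secret travel over these URLs, so require TLS.
    for key, value in cfg.items():
        if key.endswith("_URL") and urlsplit(value).scheme != "https":
            findings.append(f"{key}: not https")
    # The issuer in the document must be the prefix of the URL it was served from.
    meta_url = cfg.get("OAUTH2_SERVER_METADATA_URL", "")
    expected = meta_url[:-len(OIDC_SUFFIX)].rstrip("/")
    if meta_url.endswith(OIDC_SUFFIX) and metadata.get("issuer", "").rstrip("/") != expected:
        findings.append("issuer: does not match metadata URL")
    # Hard-coded endpoints should agree with what the server advertises.
    for key, field in ENDPOINT_FIELDS.items():
        if key in cfg and field in metadata and cfg[key] != metadata[field]:
            findings.append(f"{key}: differs from {field}")
    # Requested scopes and the username claim should be ones the server declares.
    if "scopes_supported" in metadata:
        for scope in cfg.get("OAUTH2_SCOPE", "").split():
            if scope not in metadata["scopes_supported"]:
                findings.append(f"OAUTH2_SCOPE: {scope} not advertised")
    claim = cfg.get("OAUTH2_USERNAME_CLAIM")
    if claim and claim not in metadata.get("claims_supported", [claim]):
        findings.append(f"OAUTH2_USERNAME_CLAIM: {claim} not advertised")
    return findings

# Constructed sample data for a fictional provider; BAD breaks three of the checks.
IDP = "https://idp.example.com"
METADATA = {
    "issuer": IDP, "token_endpoint": IDP + "/token",
    "authorization_endpoint": IDP + "/authorize",
    "scopes_supported": ["openid", "email", "profile"],
    "claims_supported": ["sub", "email", "preferred_username"],
}
GOOD = {
    "OAUTH2_TOKEN_URL": IDP + "/token",
    "OAUTH2_AUTHORIZATION_URL": IDP + "/authorize",
    "OAUTH2_SERVER_METADATA_URL": IDP + OIDC_SUFFIX,
    "OAUTH2_SCOPE": "openid email", "OAUTH2_USERNAME_CLAIM": "preferred_username",
}
BAD = dict(GOOD, OAUTH2_TOKEN_URL="http://idp.example.com/token",
           OAUTH2_SCOPE="openid groups", OAUTH2_USERNAME_CLAIM="upn")
```

`lint_oauth2_entry(GOOD, METADATA)` returns an empty list, while `BAD` is flagged for the plaintext token URL, the token endpoint mismatch, the `groups` scope and the `upn` claim.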


We are in a continuous process of enhancing and improving pgAdmin for better user experience. These OAuth2 enhancements were requested by users and some of the community members contributed to fulfill these requests. I would like to encourage all to contribute towards open source projects.
