Unable to authenticate using Entra ID in logical replication mode

Shiva Vanamala 5 Reputation points
2024-08-23T11:01:30.75+00:00

Authentication mechanism: Entra ID authentication

User type: Entra ID user. alter role with replication

Connect to the server using command (after logging in):
$ psql "host=test.postgres.database.azure.com port=5432 dbname=postgres user=entra_user@xxx.com password='$(az account get-access-token --resource-type oss-rdbms --output tsv --query accessToken)' sslmode=require replication=database"

Error:
psql: error: connection to server at "test.postgres.database.azure.com" (xxx.xxx.xxx.xxx), port 5432 failed: FATAL: password authentication failed for user "entra_user@xxx.com"

The reason for the failure seems to be that Entra ID authentication on Azure Postgres FS is only supported for authentication using CLEARTEXT_PASSWORD. However, in logical replication mode, the required authentication is MD5_PASSWORD.

Azure Database for PostgreSQL
Microsoft Entra ID

1 answer

  1. Oury Ba-MSFT 19,506 Reputation points Microsoft Employee
    2024-08-23T18:29:33.3433333+00:00

    @Shiva Vanamala Thank you for reaching out.

    Currently, it is not possible to use MSFT Entra users for logical replication in Azure Database for PostgreSQL flexible server. For example, if the token expires and connections need to be re-established, it won't be possible to retrieve the token itself, which would disrupt the replication process. While MSFT Entra integration in Azure Database for PostgreSQL offers benefits for user authentication and authorization, it is not designed for direct use in replication scenarios.

    Regards,

    Oury
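The token-expiry problem described in the answer, as an added example that is not part of the original thread or any Microsoft code: it reads the `exp` claim of an access token used as a connection password and shows which later reconnects would present an expired token. All function names, the sample token, its issue time and its 3600-second lifetime are constructed assumptions.

```python
import base64
import json
import time

def _b64url(obj):
    """Encode a dict as an unpadded base64url JSON segment."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(iat, lifetime):
    """Build a CONSTRUCTED, unsigned JWT-shaped token for offline use."""
    header = {"alg": "none", "typ": "JWT"}
    payload = {"upn": "entra_user@xxx.com", "iat": iat, "exp": iat + lifetime}
    return f"{_b64url(header)}.{_b64url(payload)}.constructed-signature"

def jwt_claims(token):
    """Decode the payload of a JWT without verifying it (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore padding
    return json.loads(base64.urlsafe_b64decode(segment))

def seconds_left(token, now=None):
    """Remaining lifetime of the token in seconds (negative once expired)."""
    now = time.time() if now is None else now
    return int(jwt_claims(token)["exp"] - now)

def reconnect_outcomes(token, connected_at, reconnect_offsets):
    """For a token stored once as the connection password, report for each
    reconnect (seconds after the first connection) whether it is unexpired."""
    exp = jwt_claims(token)["exp"]
    return [(off, connected_at + off < exp) for off in reconnect_offsets]

# Constructed sample: issue time and a 3600 s lifetime are assumptions.
ISSUED = 1724410890
TOKEN = make_sample_token(ISSUED, 3600)

if __name__ == "__main__":
    print("seconds left 10 min after issue:", seconds_left(TOKEN, ISSUED + 600))
    for off, ok in reconnect_outcomes(TOKEN, ISSUED, [60, 3599, 3600, 86400]):
        print(f"reconnect at +{off}s:", "token still valid" if ok else "token expired")
```

To inspect a real token, pass the output of the `az account get-access-token` command from the question to `seconds_left()` instead of the constructed `TOKEN`.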

