Connecting to Virtual DataPort Using OAuth Authentication

The Denodo JDBC driver supports the OAuth 2.0 protocol for authentication and authorization of users. OAuth is an open-standard protocol that allows client applications to access Denodo without sending the password of the user account.

Before using OAuth to connect to Virtual DataPort, you have to enable OAuth in Virtual DataPort. Otherwise, the connections with OAuth will fail.

Denodo provides two paths to connect using OAuth, and each path requires its own set of parameters. You can specify these parameters either as parameters of the connection URL or as driver properties.

Path #1: OAuth 2.0 Authentication providing access token

The client application obtains an OAuth access token and passes it to the Denodo JDBC driver. Then, the driver uses this token to connect to Virtual DataPort.

This path is meant to be used by client applications that have the ability to obtain access tokens to connect to Virtual DataPort. This client application can obtain this access token for itself or on behalf of the end user of the application.

For this method, add the following parameters to the connection URL or as driver properties:

Parameters for OAuth 2.0 authentication with access token

| Property | Value |
|---|---|
| useOAuth2 | true |
| accessToken | The OAuth 2.0 access token |

Do not provide user or password.

Path #2: OAuth 2.0 by Resource Owner Password Credentials

If the client application does not have the ability to obtain OAuth tokens, the driver can obtain one on behalf of the application, provided that the Identity Provider of your organization supports the Resource Owner Password Credentials OAuth flow.

In this case, you configure the connection with information about the Identity Provider: the URL used to request tokens from the Identity Provider, the client id and client secret of the application you registered on the Identity Provider, etc.

When the client application opens a connection, the driver requests an OAuth token from the Identity Provider and uses that token to establish the connection.

For this method, add the following URL parameters to the connection URL:

Parameters for OAuth 2.0 authentication with Resource Owner Password Credentials

| Property | Value |
|---|---|
| useOAuth2 | true |
| user | The username provided by the client to obtain an access token |
| password | The password corresponding to the user that will be authenticated |
| tokenEndpoint | URL exposed by OAuth server to request the access token |
| clientId | Application’s Client ID. Usually, you obtain this when registering the client application in the Identity Provider. |
| clientSecret | Application’s Client secret |
| scope | String value of the different scopes requested |
| extraParams | Additional parameters that will be added to the body of the HTTP request the driver will send to obtain the OAuth tokens. The syntax of this parameter is: param1=value1&param2=value2&... You have to indicate this as a driver property, not a parameter in the connection URL. |
| useIdToken | If true, the driver will use the “id_token” for authentication. If false, it uses “access_token”. Set this to true in an environment with “OpenID Connect”. Default value: false |
| oauthSSLVerify | If true, the driver will validate the SSL certificate of the Identity Provider. If false, it will not validate the certificate. Default value: true |
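The following added example (not code from the Denodo documentation) builds the driver properties for Path #1 and Path #2 and opens a connection, passing tokens and secrets as driver properties so they do not appear in the connection URL string. The `jdbc:denodo://` URL, host names, port, database, scope value and environment variable names are assumptions of this example, as is the HTTPS check on `tokenEndpoint`; it also assumes the Denodo JDBC driver JAR is on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.util.Properties;

public class DenodoOAuthConnect {
    // Read a required setting from the environment so secrets are not hard-coded.
    static String env(String name) {
        String v = System.getenv(name);
        if (v == null || v.trim().isEmpty()) throw new IllegalStateException(name + " is not set");
        return v;
    }

    // Path #1: the application already holds an access token. No user or password is set.
    static Properties accessTokenProps(String accessToken) {
        Properties p = new Properties();
        p.setProperty("useOAuth2", "true");
        p.setProperty("accessToken", accessToken);
        return p;
    }

    // Path #2: the driver requests the token with the Resource Owner Password Credentials flow.
    static Properties passwordGrantProps(String user, String password, String tokenEndpoint,
                                         String clientId, String clientSecret, String scope) {
        // Choice made in this example: the password and client secret are sent to this URL, so require HTTPS.
        if (!tokenEndpoint.startsWith("https://"))
            throw new IllegalArgumentException("tokenEndpoint must be an https:// URL");
        Properties p = new Properties();
        p.setProperty("useOAuth2", "true");
        p.setProperty("user", user);
        p.setProperty("password", password);
        p.setProperty("tokenEndpoint", tokenEndpoint);
        p.setProperty("clientId", clientId);
        p.setProperty("clientSecret", clientSecret);
        p.setProperty("scope", scope);
        p.setProperty("oauthSSLVerify", "true"); // the default, set explicitly so it is not disabled by accident
        return p;
    }

    public static void main(String[] args) throws Exception {
        // Assumed placeholders: URL format, host, port, database and variable names are not from the page.
        String url = "jdbc:denodo://denodo.example.com:9999/example_db";
        Properties props = System.getenv("DENODO_ACCESS_TOKEN") != null
            ? accessTokenProps(env("DENODO_ACCESS_TOKEN"))
            : passwordGrantProps(env("DENODO_USER"), env("DENODO_PASSWORD"),
                  "https://idp.example.com/oauth2/token", env("OAUTH_CLIENT_ID"),
                  env("OAUTH_CLIENT_SECRET"), "openid");
        try (Connection c = DriverManager.getConnection(url, props)) {
            System.out.println("Connected, closed=" + c.isClosed());
        }
    }
}
```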