Connecting to Virtual DataPort Using OAuth Authentication¶
The Denodo JDBC driver supports the OAuth 2.0 protocol for authentication and authorization of users. OAuth is an open-standard protocol that allows client applications to access Denodo without sending the password of the user account.
Before using OAuth to connect to Virtual DataPort, you have to enable OAuth in Virtual DataPort. Otherwise, the connections with OAuth will fail.
Denodo provides two paths to connect to Denodo using OAuth. Depending on the one you choose you have to add certain parameters or others. You can indicate these parameters either as parameters of the connection URL or as driver properties.
Path #1: OAuth 2.0 Authentication providing access token
The client application obtains an OAuth access token and passes it to the Denodo JDBC driver. Then, the driver uses this token to connect to Virtual DataPort.
This path is meant to be used by client applications that have the ability to obtain access tokens to connect to Virtual DataPort. This client application can obtain this access token for itself or on behalf of the end user of the application.
For this method, add the following parameter to the connection URL or as a driver properties:
Property |
Value |
---|---|
useOAuth2 |
true |
accessToken |
The OAuth 2.0 access token |
Do not provide user or password.
Path #2: OAuth 2.0 by Resource Owner Password Credentials
If the client application does not have the ability of obtaining OAuth tokens, the driver can obtain one on behalf of the application, if the Identity Provider of your organization supports the Resource Owner Password Credentials OAuth flow.
In this case, you configure the connection with information about the Identity Provider. That is, the URL to request tokens to the Identity Provider, client id and client secret of the application you registered on the Identity Provider, etc.
When the client application opens a connection, the driver will request an OAuth token to the Identity Provider and will use that token to establish the connection.
For this method, add the following URL parameters to the connection URL:
Property |
Value |
---|---|
useOAuth2 |
true |
user |
The username provided by the client to obtain an access token |
password |
The password corresponding to the user that will be authenticated |
tokenEndpoint |
URL exposed by OAuth server to request the access token |
clientId |
Application’s Client ID. Usually, you obtain this when registering the client application in the Identity Provider. |
clientSecret |
Application’s Client secret |
scope |
String value of the different scopes requested |
extraParams |
Additional parameters that will be added to the body of the HTTP request the driver will send to obtain the OAuth tokens. The syntax of this parameter is:
You have to indicate this as a driver property, not a parameter in the connection URL. |
useIdToken |
If Set this to Default value: |
oauthSSLVerify |
If Default value: |