This section shows how to use the driver to authenticate to any data source that supports OAuth.

OAuth requires the authenticating user to interact with JSON using the browser. The driver facilitates this in various ways as described in the following sections.

Before following the procedures below, you need to register an OAuth app with the service to obtain the OAuthClientId and OAuthClientSecret.

Desktop Applications

After setting the following connection properties, you are ready to connect:

• OAuthVersion: Set this to the OAuth Version, either 1.0 or 2.0.
• OAuthRequestTokenURL: Required for OAuth 1.0. In OAuth 1.0 this is the URL where the app makes a request for the request token.
• OAuthAuthorizationURL: Required for OAuth 1.0 and 2.0. This is the URL where the user logs into the service and grants permissions to the application. In OAuth 1.0 if permissions are granted the request token is authorized.
• OAuthAccessTokenURL: Required for OAuth 1.0 and 2.0. This is the URL where the request for the access token is made. In OAuth 1.0 the authorized request token is exchanged for the access token.
• OAuthRefreshTokenURL: Required for OAuth 2.0. In OAuth 2.0 this is the URL where the refresh token is exchanged for a new access token when the old one expires. Note that for your data source this may be the same as the access token URL.
• OAuthClientId: Set this to the client Id in your app settings. This is also called the consumer key.
• OAuthClientSecret: Set this to the client secret in your app settings. This is also called the consumer secret.
• CallbackURL: Set this to http://localhost:33333. If you specified a redirect URL in your app settings, this must match.

When you connect, the driver opens the OAuth endpoint in your default browser. Log in and grant permissions to the application. The driver then completes the OAuth process:

1. Extracts the access token from the callback URL and authenticates requests.
2. Refreshes the access token when it expires.
3. Saves OAuth values to be persisted across connections.

JWT

The driver supports using JWT as an authorization grant in situations where a user cannot perform an interactive sign-on. After setting the following connection properties, you are ready to connect:

• OAuthVersion: Set this to 2.0
• OAuthAccessTokenURL: Set this to the URL where the JWT is exchanged for an access token.
• OAuthJWTCert: Set this to the certificate you want to use. In most cases this will be a path to a PEM or PFX file.
• OAuthJWTCertType: Set this to the correct certificate type. In most cases this will either PEMKEY_FILE or PFXFILE.
• OAuthJWTCertPassword: If the certificate is encrypted, set this to the encryption password.
• OAuthJWTIssuer: Set this to the issuer. This corresponds to the iss field in the JWT.

Note that the JWT signature algorithm cannot be set directly. Only the RS256 algorithm is supported.

The driver will then construct a JWT including following fields, and submit it to OAuthAccessTokenURL for an access token.

• scope This will come from Scope if it is provided.
• aud This will come from OAuthJWTAudience if it is provided.
• iss This will come from OAuthJWTIssuer.
• iat This is the time when the JWT is generated.
• exp This is the value of iat plus the value of OAuthJWTValidityTime.
• sub This will come from OAuthJWTSubject if it is provided.