Linux DSN Configuration
This section describes how to set up ODBC connectivity and configure DSNs on several Linux distributions: Debian-based systems, like Ubuntu, and Red Hat Linux platforms, like Red Hat Enterprise Linux (RHEL), CentOS, and Fedora.
Minimum Linux Versions
Here are the minimum supported versions for Red Hat-based and Debian-based systems:
OS | Min. Version |
Ubuntu | 11.04 |
Debian | 7 |
RHEL | 6.9 |
CentOS | 6.9 |
Fedora | 13 |
SUSE | 12.1 |
Installing the Driver Dependencies
Run the following commands as root or with sudo to install the necessary dependencies:
- Debian/Ubuntu:
apt-get install libc6 libstdc++6 zlib1g libgcc1
- RHEL/CentOS/Fedora:
yum install glibc libstdc++ zlib libgcc
Here are the corresponding libraries required by the driver:
Debian/Ubuntu Package | RHEL/CentOS/Fedora Package | File |
libc6 | glibc | linux-vdso.1 |
libc6 | glibc | libm.so.6 |
libc6 | glibc | librt.so.1 |
libc6 | glibc | libdl.so.2 |
libc6 | glibc | libpthread.so.0 |
libc6 | glibc | libc.so.6 |
libc6 | glibc | ld-linux-x86-64.so.2 |
libstdc++6 | libstdc++ | libstdc++.so.6 |
zlib1g | zlib | libz.so.1 |
libgcc1 | libgcc | libgcc_s.so.1 |
Installing the Driver
You can use standard package management systems to install the driver.
On Debian-based systems, like Ubuntu, run the following command with root or sudo:
dpkg -i /path/to/driver/setup/GraphQLODBCDriverforUnix.deb
On systems that support the RPM package format, run the following command with root or sudo:
rpm -ivh /path/to/driver/GraphQLODBCDriverforUnix.rpm
Licensing the Driver
Run the following commands to license the driver. To activate a trial, omit the <key> input.
cd /opt/cdata/cdata-odbc-driver-for-graphql/bin/
sudo ./install-license.sh <key>
Connecting through the Driver Manager
The driver manager loads the driver and passes function calls from the application to the driver. You need to register the driver with the driver manager and you define DSNs in the driver manager's configuration files.
The driver installation registers the driver with the unixODBC driver manager and creates a system DSN. The unixODBC driver manager can be used from Python and from many other applications. Your application may embed another driver manager.
Creating the DSN
See Using unixODBC to install unixODBC and configure DSNs. See Using the DataDirect Driver Manager to create a DSN to connect to OBIEE, Informatica, and SAS.
Connecting to GraphQL
Set the following to connect:
- URL: Specify the URL of the GraphQL service, for example https://api.example.com/graphql.
- Location: Set this to the file path containing any custom defined schemas for the GraphQL service.
Authenticating to GraphQL
The driver supports the following types of authentication:- Basic
- OAuth 1.0 & 2.0
- OAuthPKCE
- AWS Cognito Credentials:
- AwsCognitoSrp
- AwsCognitoBasic
Basic
Set AuthScheme to Basic. You must specify the User and Password of the GraphQL service.
OAuth
In all OAuth flows, you must set AuthScheme to OAuth and OAuthVersion to 1.0 or 2.0. The following sections assume you have done so.Desktop Applications
After setting the following connection properties, you are ready to connect:- OAuthRequestTokenURL: Required for OAuth 1.0. This is the URL where the application makes a request for the request token.
- OAuthAuthorizationURL: Required for OAuth 1.0 and 2.0. This is the URL where the user logs into the service and grants permissions to the application. In OAuth 1.0 if permissions are granted the request token is authorized.
- OAuthAccessTokenURL: Required for OAuth 1.0 and 2.0. This is the URL where the request for the access token is made. In OAuth 1.0 the authorized request token is exchanged for the access token.
- OAuthRefreshTokenURL: Required for OAuth 2.0. In OAuth 2.0 this is the URL where the refresh token is exchanged for a new access token when the old one expires. Note that for your data source this may be the same as the access token URL.
- OAuthClientId: Set this to the client Id in your application settings. This is also called the consumer key.
- OAuthClientSecret: Set this to the client secret in your application settings. This is also called the consumer secret.
- CallbackURL: Set this to http://localhost:33333. If you specified a redirect URL in your application settings, this must match.
- Extracts the access token from the callback URL and authenticates requests.
- Refreshes the access token when it expires.
- Saves OAuth values. These values persist across connections.
Headless Machines
To create GraphQL data sources on headless servers or other machines on which the driver cannot open a browser, you need to authenticate from another machine. Authentication is a two-step process.
- Choose one of two options:
- Option 1: Obtain the OAuthVerifier value as described in "Obtain and Exchange a Verifier Code" below.
- Option 2: Install the driver on a machine with an internet browser and transfer the OAuth authentication values after you authenticate through the usual browser-based flow, as described in "Transfer OAuth Settings" below.
- Then configure the driver to automatically refresh the access token on the headless machine.
Option 1: Obtain and Exchange a Verifier Code
Set the following properties on the headless machine:
- InitiateOAuth: Set this to OFF.
- OAuthClientId: Set this to the application Id in your application settings.
- OAuthClientSecret: Set this to the application secret in your application settings.
You can then follow the steps below to authenticate from another machine and obtain the OAuthVerifier connection property.
- Call the GetOAuthAuthorizationURL stored procedure with the CallbackURL input parameter set to the exact Redirect URI you specified in your application settings.
- Save the value of the returned AuthToken and AuthKey if OAuthVersion is set to 1.0. They are used in the next step.
- Open the returned URL in a browser. Log in and grant permissions to the driver. You are then redirected to the callback URL, which contains the verifier code.
- Save the value of the verifier code. Later, you must set this in the OAuthVerifier connection property.
On the headless machine, set the following connection properties to obtain the OAuth authentication values:
- OAuthRequestTokenURL: Required for OAuth 1.0. In OAuth 1.0 this is the URL where the application makes a request for the request token.
- OAuthAuthorizationURL: Required for OAuth 1.0 and 2.0. This is the URL where the user logs into the service and grants permissions to the application. In OAuth 1.0 if permissions are granted the request token is authorized.
- OAuthAccessTokenURL: Required for OAuth 1.0 and 2.0. This is the URL where the request for the access token is made. In OAuth 1.0 the authorized request token is exchanged for the access token.
- OAuthRefreshTokenURL: Required for OAuth 2.0. In OAuth 2.0 this is the URL where the refresh token is exchanged for a new access token when the old one expires. Note that for your data source this may be the same as the access token URL.
- OAuthClientId: Set this to the client Id in your application settings.
- OAuthClientSecret: Set this to the client secret in your application settings.
- CallbackURL: Set this to http://localhost:33333. If you specified a redirect URL in your application settings, this must match.
Connect to Data
After the OAuth settings file is generated, set the following properties to connect to data:
- OAuthSettingsLocation: Set this to the file containing the encrypted OAuth authentication values. Make sure this file gives read and write permissions to the provider to enable the automatic refreshing of the access token.
- InitiateOAuth: Set this to REFRESH.
Option 2: Transfer OAuth Settings
Follow the steps below to install the driver on another machine, authenticate, and then transfer the resulting OAuth values.
On a second machine, install the driver and connect with the following properties set:
- OAuthSettingsLocation: Set this to a writable text file.
- OAuthClientId: Set this to the Client Id in your application settings.
- OAuthClientSecret: Set this to the Client Secret in your application settings.
- CallbackURL: Set this to the Callback URL in your application settings.
Test the connection to authenticate. The resulting authentication values are written, encrypted, to the path specified by OAuthSettingsLocation. After you have successfully tested the connection, copy the OAuth settings file to your headless machine. On the headless machine, set the following connection properties to connect to data:
- InitiateOAuth: Set this to REFRESH.
- OAuthSettingsLocation: Set this to the path to your OAuth settings file. Make sure this file gives read and write permissions to the driver to enable the automatic refreshing of the access token.
OAuthPKCE
NOTE:OAuth Proof Key for Code Exchange (PKCE) is an extension to the OAuth 2.0 Authorization Code flow.
Desktop Applications
After setting the following, you are ready to connect:- AuthScheme: Set this to OAuthPKCE.
- InitiateOAuth: Set this to GETANDREFRESH to avoid making the OAuth exchange manually and manually setting the access token in the connection string.
- OAuthClientId: Set this to the client Id generated when creating your OAuth application on the GraphQL service.
- OAuthAuthorizationURL: Set this to the authorization URL for the GraphQL service. This is the URL where the user logs into the service and grants permissions to the OAuth application, for example https://api.example.com/authorize.
- OAuthAccessTokenURL: Set this to the access token URL for the GraphQL service. This is the URL where the request for the access token is made, for example https://api.example.com/token.
- OAuthRefreshTokenURL: Set this to the refresh token URL for the GraphQL service. This is the URL where the refresh token is exchanged for a new access token when the old one expires. Note that for your data source this may be the same as the OAuthAccessTokenURL.
When you connect, the driver opens the OAuth authorization endpoint in your default browser. Log in and grant permissions to the application. The driver then completes the OAuth process:
- Extracts the authorization code from the callback URL.
- Exchanges the authorization code for an access and refresh token.
- Refreshes the access token when it expires.
- Saves OAuth values. These values persist across connections.
AWS Cognito Credentials
If you want to use the driver with a user registered in a User Pool in AWS Cognito, set the following properties to authenticate:
- AuthScheme: Set this to AwsCognitoSrp (recommended). You can also use AwsCognitoBasic.
- AWSCognitoRegion: Set this to the region of the User Pool.
- AWSUserPoolId: Set this to the User Pool Id.
- AWSUserPoolClientAppId: Set this to the User Pool Client App Id.
- AWSUserPoolClientAppSecret: Set this to the User Pool Client Secret.
- AWSIdentityPoolId: Set this to the Identity Pool Id of the Identity Pool that is linked with the User Pool.
- User: Set this to the username of the user registered in the User Pool.
- Password: Set this to the password of the user registered in the User Pool.
Refreshing OAuth Values
The driver can refresh the temporary OAuth access tokens obtained during the browser-based OAuth authentication exchange. By default, the driver saves the encrypted tokens in the odbc.ini file corresponding to the DSN. Access to this odbc.ini file can be restricted in the case of System DSNs.
To enable the automatic token exchange, you can give the driver write access to the system odbc.ini.
Installing Dependencies for OAuth Authentication
The OAuth authentication standard requires the authenticating user to interact with GraphQL, using a web-browser. If the first OAuth interaction is to be done on the same machine the driver is installed on, for example, a desktop application, the driver needs access to the xdg-open program, which opens the default browser.
To satisfy this dependency, install the corresponding package with your package manager:
Debian/Ubuntu Package | RHEL/CentOS/Fedora Package | File |
xdg-utils | xdg-utils | xdg-open |
Set the Driver Encoding
The ODBC drivers need to specify which encoding to use with the ODBC Driver Manager. By default, the CData ODBC Drivers for Unix are configured to use UTF-16 which is compatible with unixODBC, but other Driver Managers may require alternative encoding.
Alternatively, if you are using the ODBC driver from an application that uses the ANSI ODBC API it may be necessary to set the ANSI code page. For example, to import Japanese characters in an ANSI application, you can specify the code page in the config file '/opt/cdata/cdata-odbc-driver-for-graphql/lib/cdata.odbc.graphql.ini':
[Driver]
AnsiCodePage = 932