TDV Adapter for JSON

Build 22.0.8462

Using OAuth

This section shows how to use the adapter to authenticate to any data source that supports OAuth.

OAuth requires the authenticating user to interact with JSON using the browser. The adapter facilitates this in various ways as described in the following sections.

Before following the procedures below, you need to register an OAuth app with the service to obtain the OAuthClientId and OAuthClientSecret.

JWT

The adapter supports using JWT as an authorization grant in situations where a user cannot perform an interactive sign-on. After setting the following connection properties, you are ready to connect:

  • OAuthVersion: Set this to 2.0
  • OAuthAccessTokenURL: Set this to the URL where the JWT is exchanged for an access token.
  • OAuthJWTCert: Set this to the certificate you want to use. In most cases this will be a path to a PEM or PFX file.
  • OAuthJWTCertType: Set this to the correct certificate type. In most cases this will either PEMKEY_FILE or PFXFILE.
  • OAuthJWTCertPassword: If the certificate is encrypted, set this to the encryption password.
  • OAuthJWTIssuer: Set this to the issuer. This corresponds to the iss field in the JWT.
  • InitiateOAuth: Set this to GETANDREFRESH.

Note that the JWT signature algorithm cannot be set directly. Only the RS256 algorithm is supported.

The adapter will then construct a JWT including following fields, and submit it to OAuthAccessTokenURL for an access token.

  • scope This will come from Scope if it is provided.
  • aud This will come from OAuthJWTAudience if it is provided.
  • iss This will come from OAuthJWTIssuer.
  • iat This is the time when the JWT is generated.
  • exp This is the value of iat plus the value of OAuthJWTValidityTime.
  • sub This will come from OAuthJWTSubject if it is provided.

Copyright (c) 2023 CData Software, Inc. - All rights reserved.
Build 22.0.8462