ODBC Driver for JSON

Build 24.0.9060

AuthScheme

The type of authentication to use when connecting to remote services.

Possible Values

AwsRootKeys, AwsEC2Roles, AwsIAMRoles, ADFS, Okta, PingFederate, AwsTempCredentials, AwsCredentialsFile, AzureAD, AzureMSI, AzureServicePrincipal, AzureServicePrincipalCert, AccessKey, AzureStorageSAS, HMAC, OAuth, Basic, OneLogin, SFTP, None, Negotiate, OAuthClient, OAuthJWT, OAuthPKCE, GCPInstanceAccount, Digest, OAuthPassword,

Data Type

string

Default Value

""

Remarks

Amazon S3

The following options are available when ConnectionType is set to Amazon S3:

  • AwsRootKeys: Set this to use the root user access key and secret. Useful for quickly testing, but production use cases are encouraged to use something with narrowed permissions.
  • AwsEC2Roles: Set this to automatically use IAM Roles assigned to the EC2 machine the CData ODBC Driver for JSON is currently running on.
  • AwsIAMRoles: Set to use IAM Roles for the connection.
  • ADFS: Set to use a single sign on connection with ADFS as the identify provider.
  • OKTA: Set to use a single sign on connection with OKTA as the identify provider.
  • PingFederate: Set to use a single sign on connection with PingFederate as the identify provider.
  • AwsTempCredentials: Set this to leverage temporary security credentials alongside a session token to connect.
  • AwsCredentialsFile: Set to use a credential file for authentication.
  • AzureAD: Set to use a single sign on connection with AzureAD as the identify provider.

Various Azure Services

The following options are available when ConnectionType is set to Azure Blob Storage, Azure Data Lake Storage Gen1, Azure Data Lake Storage Gen2, Azure Data Lake Storage Gen2 SSL, or OneDrive:

  • AzureAD: Set this to perform Azure Active Directory OAuth authentication.
  • AzureMSI: Set this to automatically obtain Managed Service Identity credentials when running on an Azure VM.
  • AzureServicePrincipal: Set this to authenticate as an Azure Service Principal.
  • AzureServicePrincipalCert: Set this to authenticate as an Azure Service Principal using a Certificate.
  • AccessKey: Set this to authenticate with the storage key associated with your JSON account.
  • AzureStorageSAS: Set this to authenticate with Shared Access Signature (SAS).

OneLake

The following options are available when ConnectionType is set to OneLake:

  • AzureAD: Set this to perform Azure Active Directory OAuth authentication.
  • AzureMSI: Set this to automatically obtain Managed Service Identity credentials when running on an Azure VM.
  • AzureServicePrincipal: Set this to authenticate as an Azure Service Principal.
  • AzureServicePrincipalCert: Set this to authenticate as an Azure Service Principal using a Certificate.

Azure Files

Only the following option is available when ConnectionType is set to Azure Files:

  • AccessKey: Set this to authenticate with the storage key associated with your JSON account.
  • AzureStorageSAS: Set this to authenticate with Shared Access Signature (SAS).

Box

The following options are available when ConnectionType is set to Box:

Dropbox

Only the following option is available when ConnectionType is set to Dropbox:

OAuth: Uses OAuth2 with the authorization code grant type. OAuthVersion must be set to 2.0.

FTP(S)

Only the following option is available when ConnectionType is set to FTP or FTPS:

Basic: Basic user credentials (user/password).

Various Google Services

The following options are available when ConnectionType points Google Cloud Storage or Google Drive:

  • OAuth: Uses OAuth2 using a standard user account. OAuthVersion must be set to 2.0.
  • OAuthPKCE: Uses OAuth2 with the authorization code grant type and PKCE extension. OAuthVersion must be set to 2.0.
  • OAuthJWT: Uses OAuth2 with the JWT bearer grant type. OAuthJWTCertType and OAuthJWTCert determine what certificate the JWT is signed with. OAuthVersion must be set to 2.0.
  • GCPInstanceAccount: When running on a GCP virtual machine, the provider can authenticate using a service account tied to the virtual machine.

HDFS

The following options are available when ConnectionType is set to HDFS or HDFS Secure:

  • None: No authentication is used.
  • Negotiate: Kerberos authentication.

HTTP

The following options are available when ConnectionType is set to HTTP or HTTPS:

  • None: No authentication is used.
  • Basic: Basic user/password authentication.
  • Digest: Uses HTTP Digest authentication with User and Password.
  • OAuth: Uses either OAuth1 or OAuth2. OAuthVersion must be set to determine what version of OAuth is used.
  • OAuthJWT: Uses OAuth2 with the JWT bearer grant type. OAuthJWTCertType and OAuthJWTCert determine what certificate the JWT is signed with. OAuthVersion must be set to 2.0.
  • OAuthPassword: Uses OAuth2 with the password grant type. User and Password are the credentials. OAuthVersion must be set to 2.0.
  • OAuthClient: Uses OAuth2 with the client credentials grant type. OAuthClientId and OAuthClientSecret are the credentials. OAuthVersion must be set to 2.0.
  • OAuthPKCE: Uses OAuth2 with the authorization code grant type and PKCE extension. OAuthClientId is the credential. OAuthVersion must be set to 2.0.

IBM Cloud Object Storage

The following options are also available when ConnectionType is set to IBM Object Storage Source:

  • OAuth: Uses OAuth with the specific flow being determined by the InitiateOAuth. ApiKey must be set to successfully complete this flow.
  • HMAC: Uses AccessKey and SecretKey to authenticate to IBM Cloud Object Storage.

Oracle Cloud Storage

Only the following option is available when ConnectionType is set to Oracle Cloud Storage:

HMAC: Uses AccessKey and SecretKey to authenticate to the Oracle Cloud Storage.

SFTP

This ConnectionType defaults to using an AuthScheme called SFTP, but the authentication method is actually controlled using the SSHAuthMode property. See this property's documentation for further information.

SharePoint REST

The following options are also available when ConnectionType is set to SharePoint REST:

  • AzureAD: Set this to perform Azure Active Directory OAuth authentication.
  • AzureMSI: Set this to automatically obtain Managed Service Identity credentials when running on an Azure VM.
  • AzureServicePrincipal: Set this to authenticate as an Azure Service Principal.
  • AzureServicePrincipalCert: Set this to authenticate as an Azure Service Principal using a Certificate.

SharePoint SOAP

The following options are also available when ConnectionType is set to SharePoint SOAP:

  • Basic: Use basic user/password credentials to authenticate.
  • ADFS: Set to use a single sign on connection with ADFS as the identify provider.
  • Okta: Set to use a single sign on connection with OKTA as the identify provider.
  • OneLogin: Set to use a single sign on connection with OneLogin as the identify provider.

Copyright (c) 2024 CData Software, Inc. - All rights reserved.
Build 24.0.9060