Creating a Custom OAuth Application
CData embeds OAuth Application Credentials with CData branding that can be used when connecting to MariaDB via a desktop application or a headless machine. However, you must create a custom OAuth application to connect to MariaDB via the Web. Because custom OAuth applications support all three commonly used auth flows, you might want to create one (and use your own OAuth Application Credentials) for the desktop and headless flows as well.
Custom OAuth applications are useful if you want to:
- control branding of the authentication dialog;
- control the redirect URI that the application redirects the user to after the user authenticates; or
- customize the permissions that you are requesting from the user.
Procedure
The following procedure creates a custom OAuth application, registers that application in the Azure portal, and obtains the OAuthClientId and OAuthClientSecret.
- Log in to https://portal.azure.com.
- In the left-hand navigation pane, select Azure Active Directory, and then App Registrations.
- Click New registration.
- Enter a name for your new application.
- Specify the desired setup: single-tenant or multi-tenant.
  - If your application is for private use only, Accounts in this organizational directory only (single-tenant; default) should be sufficient. Note that if you specify a single-tenant setup, you must set the AzureTenant connection property to the ID of the Azure tenant when establishing a connection with the CData ADO.NET Provider for MariaDB. Otherwise, the authentication attempt will fail with an error.
  - If you want to distribute your app, choose one of the multi-tenant options.
- Set the application's redirect URL to something like http://localhost:33333, the driver's default, or set a different port of your choice. If you set a different port, be sure to set CallbackURL to the exact reply URL you defined.
- To register the new application, click Register. The Azure Portal displays the App Management screen. Note the value in Application (client) ID as the OAuthClientId, and the Directory (tenant) ID as the AzureTenant.
- To define the application authentication type, go to the Certificates & Secrets section.
- Choose your preferred type of authentication:
  - Upload a certificate (recommended): In the Certificates & Secrets section, select Upload certificate and select the certificate to upload from your local machine.
  - Create a new application secret: In the Certificates & Secrets section, select New Client Secret for the application, and specify its duration. After saving the client secret, the key value is displayed. This value is displayed only once, so be sure to copy it for future use. (This value is used as the OAuthClientSecret.)
- Select API Permissions, then click Add.
- Specify the Delegated permissions.
- Save your changes.
If you have chosen permissions that require admin consent, you can grant them for the current tenant on the Azure Portal's API Permissions page.
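The procedure above has a few settings that fail only at authentication time: the exact-match CallbackURL, the AzureTenant requirement for single-tenant apps, and the client secret copied from the portal. The following pre-flight check is an added example, not CData code; it assumes a simple Key=Value;Key=Value connection string without quoted values, the function names are hypothetical, and all sample values are constructed. The GUID test on the secret relies on the Azure portal listing a GUID-shaped Secret ID next to each secret value.

```python
import re

GUID = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)
DEFAULT_CALLBACK = "http://localhost:33333"  # driver default named in the procedure

def parse_connection_string(text):
    """Split 'Key=Value;Key=Value' into a dict with lower-cased keys (assumed simple form)."""
    props = {}
    for part in text.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            props[key.strip().lower()] = value.strip()
    return props

def check_oauth_settings(conn_str, registered_redirects, single_tenant):
    """Return a list of mismatches between the connection string and the app registration."""
    p = parse_connection_string(conn_str)
    problems = []
    if not GUID.match(p.get("oauthclientid", "")):
        problems.append("OAuthClientId: expected the Application (client) ID GUID")
    if single_tenant and not p.get("azuretenant"):
        problems.append("AzureTenant: required for a single-tenant registration")
    callback = p.get("callbackurl", DEFAULT_CALLBACK)
    if callback not in registered_redirects:  # exact string match, as the procedure requires
        near = [r for r in registered_redirects
                if r.rstrip("/").lower() == callback.rstrip("/").lower()]
        hint = f" (registered as {near[0]!r}; must match exactly)" if near else ""
        problems.append(f"CallbackURL: {callback!r} is not a registered redirect URI{hint}")
    secret = p.get("oauthclientsecret", "")
    if secret and GUID.match(secret):
        problems.append("OAuthClientSecret: looks like a GUID; use the secret value, not its ID")
    return problems

# Constructed sample values, not real credentials.
REGISTERED = ["http://localhost:33333"]
SAMPLE_OK = ("OAuthClientId=11111111-2222-3333-4444-555555555555;"
             "OAuthClientSecret=constructed-secret-value;"
             "AzureTenant=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee;"
             "CallbackURL=http://localhost:33333")
SAMPLE_BAD = ("OAuthClientId=my-app;"
              "OAuthClientSecret=99999999-8888-7777-6666-555555555555;"
              "CallbackURL=http://localhost:33333/")

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, check_oauth_settings(sample, REGISTERED, single_tenant=True))
```

Load the real secret from a protected store at run time rather than keeping it in a checked-in connection string; the check only needs to see it in memory.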