The authentication flow for the client credentials grant exchanges client credentials for the access token at the location specified by the TokenURI.

To configure the driver to use a client credentials grant:

  • Configure the minimum properties required for a connection:
    • If you are using a Model file, set the Config property to provide the name and location of the Model file. For example, C:/path/to/googleanalytics.rest.
    • If you are using the Sample property, set the Sample property to specify the endpoint that you want to connect to and sample. For example, https://example.com/countries/.
  • Set the AuthenticationMethod property to OAuth2-ClientCredentials.
    Note: To support existing configurations, the AuthenticationMethod property will continue to support the OAuth2 value for the client credentials grant.
  • Set the ClientID property to specify the client ID key for your application.
  • Set the ClientSecret property to specify client secret for your application.
    Important: The client secret is a confidential value used to authenticate the application to the server. To prevent unauthorized access, this value must be securely maintained.
  • Set the TokenURI property to specify the endpoint used to exchange authentication credentials for access tokens.
    Note: By default, the connector prefixes the token URI endpoint with a GET request method. However, some OAuth implementations require that the token URI endpoint be passed with a POST request method. In this scenario, the token URI endpoint must be prefixed with POST when specifying the value of the TokenURI property. For example: TokenURI=POST https://example.com/oauth2/authorize/.
  • Optionally, specify values for a custom HTTP header to be used for authentication, such as those used in tenant ID authentication:
    • Set the AuthHeader property to specify the name of the HTTP header used for authentication.
    • Set the SecurityToken property to specify the value of the HTTP header named by the AuthHeader option.

    For example, if you have the header Authorization:1a2bc34def567, you would specify AuthHeader=Authorization and SecurityToken=1a2bc34def567.

  • Optionally, set the Scope property to specify a space-separated list of OAuth scopes to limit the permissions granted by the access token.
  • Optionally, set the ClientCredentialsMode property to determine how client credentials are sent in a request in a request to obtain an access token. Configure this property for flows that require client credentials to be specified in only a basic authentication header or only as a URL parameter.
    • If set to Default, the client credentials are sent as a basic authentication header. This is the default setting.
    • If set to Basic, the client credentials are sent as a basic authentication header.
    • If set to Url, the client credentials are sent as a URL parameter.
    • If set to Post, the client credentials are sent in the body of a POST request.

The following example demonstrates a basic Google Analytics™ session using a client credentials grant:

Using a connection string: 

Connection conn = DriverManager.getConnection
("jdbc:datadirect:autorest:AuthenticationMethod=OAuth2-ClientCredentials;
  ClientID='123456789876-a1bc2de3fgh4ij567klmn8opqr9stuvw.apps.googleusercontent.com';
  ClientSecret='FaZBFRsGXTaR';Config=C:/path/to/googleanalytics.rest;
  TokenURI=https://accounts.google.com/o/oauth2/token;");

Using a data source: 

AutoRESTDataSource mds = new AutoRESTDataSource();
mds.setDescription("My Autonomous REST Data Source");
mds.setAuthenticationMethod("OAuth2-ClientCredentials");
mds.setClientID("123456789876-a1bc2de3fgh4ij567klmn8opqr9stuvw.apps.googleusercontent.com");
mds.setClientSecret("FaZBFRsGXTaR");
mds.setConfig("C:/path/to/googleanalytics.rest");
mds.setTokenURI("https://accounts.google.com/o/oauth2/token");