Dynamic authorization code grant
- Last Updated: July 9, 2025
- 4 minute read
- DataDirect Connectors
- JDBC
- Autonomous REST Connector 6.0
- Documentation
Dynamic authorization code grant allows you to initiate an authorization code grant flow by specifying login credentials using the login prompt for your REST service, thereby providing a method to authenticate without fetching access and refresh tokens via the Configuration Manager or third-party application. Similar to authorization code grant, dynamic authorization code grant is typically used for web and native applications. It also provides secure connections by requiring multiple points of authentication before permitting access to data.
When connecting with dynamic authorization code grant flow, the driver launches the login prompt for your service in a separate browser window. After you submit your user and password credentials via the prompt, the driver exchanges your login credentials and client credentials for the Authorization Code from the location specified by the AuthURI property. The driver then navigates to the endpoint specified by the TokenURI property to exchange the authorization code for the access and refresh tokens. Finally, the application is redirected to the location provided in the RedirectURI property to begin the session.
To use an dynamic authorization code grant:
- Configure the minimum properties required for a connection:
- If you are using a Model file, set the Config property to provide the name and location of the Model file. For example, C:/path/to/box.rest.
- If you are using the Sample property, set the Sample property to
specify the endpoint that the want to connect to and sample. For example,
https://example.com/countries/.
- Set the AuthenticationMethod property to
OAuth2-AuthorizationCode.Note: To support existing configurations, the AuthenticationMethod property will continue to support theOAuth2value for the authorization code grant. - Set the ClientID property to specify the client ID key for your application.
- Set the ClientSecret property to specify the client secret for your application.Important: The client secret is a confidential value used to authenticate the application to the server. To prevent unauthorized access, this value must be securely maintained.
- Set the AuthURI property to specify the endpoint for obtaining an authorization code.
- Set the TokenURI property to specify the endpoint used to exchange
authentication credentials for access tokens.Note: By default, the connector prefixes the token URI endpoint with a GET request method. However, some OAuth implementations require that the token URI endpoint be passed with a POST request method. In this scenario, the token URI endpoint must be prefixed with POST when specifying the value of the TokenURI property. For example:
TokenURI=POST https://example.com/oauth2/authorize/. -
- If required by your authentication flow, set the RedirectURI property to specify
the endpoint that the client is returned to after authenticating with a third-party
service. Note that the value of the RedirectURI property must include the port
number. For example,
RedirectURI=http://localhost:80orRedirectURI=http://localhost:8080.
- If required by your authentication flow, set the RedirectURI property to specify
the endpoint that the client is returned to after authenticating with a third-party
service. Note that the value of the RedirectURI property must include the port
number. For example,
- Set the EnableLoginPrompt property to
true. When Enable Login Prompt is enabled, the driver launches the login prompt for your service in a separate browser window to initiate the OAuth grant flow. - Optionally, specify values for a custom HTTP header to be used for authentication,
such as those used in tenant ID authentication:
- Set the AuthHeader property to specify the name of the HTTP header used for authentication.
- Set the SecurityToken property to specify the value of the HTTP header named by the AuthHeader property.
For example, if you have the header
Authorization:1a2bc34def567, you would specifyAuthHeader=AuthorizationandSecurityToken=1a2bc34def567.Note: You can specify multiple custom HTTP headers using the #headers in the Model file. See "Requests with custom HTTP headers" for details. - Optionally, set the Scope property to specify a space-separated list of OAuth scopes to limit the permissions granted by the access token.
- Optionally, set the ClientCredentialsMode property to determine how client credentials
are sent in a request in a request to obtain an access token. Configure this property for
flows that require client credentials to be specified in only a basic authentication
header or only as a URL parameter.
- If set to
Default, the client credentials are sent as a basic authentication header. This is the default setting. - If set to
Basic, the client credentials are sent as a basic authentication header. - If set to
Url, the client credentials are sent as a URL parameter. - If set to
Post, the client credentials are sent in the body of a POST request.
- If set to
The following example demonstrates a basic session for a Box™ account using an authorization code grant:
Using a connection URL:
Connection conn = DriverManager.getConnection
("jdbc:datadirect:autorest:AuthenticationMethod=OAuth2-AuthorizationCode;
AuthURI=https://api.box.com/oauth2/authorize;
ClientID='abcdefghik2lmn3o5qr67s';ClientSecret=FaZBFRsGXTaR;
Config=C:/path/to/box.rest;EnableLoginPrompt=1;
RedirectURI=https://localhost:80;TokenURI='https://api.box.com/oauth2/token';");Using a data source:
AutoRESTDataSource mds = new AutoRESTDataSource();
mds.setDescription("My Autonomous REST Data Source");
mds.setAuthenticationMethod("OAuth2-AuthorizationCode");
mds.setAuthURI("https://api.box.com/oauth2/authorize");
mds.setClientID("abcdefghij1k2lmn3o4p5qr67s");
mds.setClientSecret("FaZBFRsGXTaR");
mds.setConfig("C:/path/to/box.rest");
mds.setEnableLoginPrompt("1");
mds.setRedirectURI("https://localhost:80");
mds.setTokenURI("https://api.box.com/oauth2/token");