The authentication flow for the password grant exchanges user credentials for the access token at the location specified by the TokenURI. For added security, client credentials, such as the client ID and client Secret, might also be authenticated for some flows.

To configure the driver to use an authentication flow for a password grant:

  • Configure the minimum properties required for a connection:
    • If you are using a Model file, set the Config property to provide the name and location of the Model file. For example, C:/path/zendesk.rest.
    • If you are using the Sample property, set the Sample property to specify the endpoint that you want to connect to and sample. For example, https://example.com/countries/.
  • Set the AuthenticationMethod property to OAuth2-Password.
    Note: To support existing configurations, the AuthenticationMethod property will continue to support the OAuth2 value for the password grant.
  • Set the User property to specify the user name that is used to fetch the access token from the Token endpoint.
  • Set the Password property to specify the password used to fetch the access token.
  • Set the TokenURI property to specify the endpoint used to exchange authentication credentials for access tokens.
    Note: By default, the connector prefixes the token URI endpoint with a GET request method. However, some OAuth implementations require that the token URI endpoint be passed with a POST request method. In this scenario, the token URI endpoint must be prefixed with POST when specifying the value of the TokenURI property. For example: TokenURI=POST https://example.com/oauth2/authorize/.
  • If required by your REST service, set the ClientID property to specify the client ID key for your application.
  • If required by your REST service, set the ClientSecret property to specify the client secret for your application.
    Important: The client secret is a confidential value used to authenticate the application to the server. To prevent unauthorized access, this value must be securely maintained.
  • Optionally, specify values for a custom HTTP header to be used for authentication, such as those used in tenant ID authentication:
    • Set the AuthHeader property to specify the name of the HTTP header used for authentication.
    • Set the SecurityToken property to specify the value of the HTTP header named by the AuthHeader option.

    For example, if you have the header Authorization:1a2bc34def567, you would specify AuthHeader=Authorization and SecurityToken=1a2bc34def567.

    Note: You can specify multiple custom HTTP headers using the #headers in the Model file. See "Requests with custom HTTP headers" for details.
  • Optionally, set the Scope property to specify a space-separated list of OAuth scopes to limit the permissions granted by the access token.
  • Optionally, set the ClientCredentialsMode property to determine how client credentials are sent in a request in a request to obtain an access token. Configure this property for flows that require client credentials to be specified in only a basic authentication header or only as a URL parameter.
    • If set to Default, the client credentials are sent as both a basic authentication header. This is the default setting.
    • If set to Basic, the client credentials are sent as a basic authentication header.
    • If set to Url, the client credentials are sent as a URL parameter.
    • If set to Post, the client credentials are sent in the body of a POST request.

The following example demonstrates a basic Zendesk™ session using a password grant:

Using a connection string: 

Connection conn = DriverManager.getConnection
 ("jdbc:datadirect:autorest:AuthenticationMethod=OAuth2-Password;
   Config=C:/path/zendesk.rest;TokenURI=https://accounts.google.com/o/oauth2/token;
   User='jjones@example.com';Password='secretstuff';");

Using a data source: 

AutoRESTDataSource mds = new AutoRESTDataSource();
mds.setDescription("My Autonomous REST Data Source");
mds.setAuthenticationMethod("OAuth2-Password");
mds.setConfig("C:/path/zendesk.rest");
mds.setTokenURI("https://accounts.google.com/o/oauth2/token");
mds.setUser("jjones@example.com");
mds.setPassword("secretstuff");