The authentication flow for the client credentials grant exchanges client credentials for the access token at the location specified by the Token URI option.

To configure the driver to use a client credentials grant:

  • Configure the minimum options required for a connection:
    • If you are using a Model file, set the REST Config File (RestConfigFile) option to provide the name and location of the Model file. For example, C:/path/to/googleanalytics.rest.
    • If you are using the REST Sample Path method, set the REST Sample Path (RestSamplePath) option to specify the endpoint that you want to connect to and sample. For example, https://example.com/countries/.
  • Set the Authentication Method (AuthenticationMethod) option to 53 (OAuth2-Client Credentials).
    Note: To support existing configurations, the Authentication Method option will continue to support the 24 (OAuth2) value for the client credentials grant.
  • Set the Client ID (ClientID) option to specify the client ID key for your application.
  • Set the Client Secret (ClientSecret) option to specify client secret for your application.
    Important: The client secret is a confidential value used to authenticate the application to the server. To prevent unauthorized access, this value must be securely maintained.
  • Set the Token URI (TokenURI) option to specify the endpoint used to exchange authentication credentials for access tokens.
    Note: By default, the connector prefixes the token URI endpoint with a GET request method. However, some OAuth implementations require that the token URI endpoint be passed with a POST request method. In this scenario, the token URI endpoint must be prefixed with POST when specifying the value of the TokenURI option. For example: TokenURI=POST https://example.com/oauth2/authorize/.
  • Optionally, specify values for a custom HTTP header to be used for authentication, such as those used in tenant ID authentication:
    • Set the Authentication Header (AuthHeader) option to specify the name of the HTTP header used for authentication.

    • Set the Security Token (SecurityToken) option to specify the value of the HTTP header named by the Authentication Header option.

    For example, if you have a header value of Authorization:1a2bc34def567, you would specify a values of AuthHeader=Authorization and SecurityToken=1a2bc34def567.

    Note: You can specify multiple custom HTTP headers using the #headers in the Model file. See "Requests with custom HTTP headers" for details.
  • Optionally, set the Scope (Scope) option to specify a space-separated list of OAuth scopes to limit the permissions granted by the access token.
  • Optionally, set the OAuth Client Credentials Mode (ClientCredentialsMode) option to determine how client credentials are sent in a request to obtain an access token . Configure this option for flows that require client credentials to be specified as only a basic authentication header or only as a URL parameter.
    • If set to 0 (Default), the client credentials are sent as a basic authentication header. This is the default setting.
    • If set to 1 (Basic), the client credentials are sent as a basic authentication header.
    • If set to 2 (Url), the client credentials are sent as a URL parameter.

    • If set to 3 (Post), the client credentials are sent in the body of a POST request.

  • Optionally, specify values for any additional options you want to configure. See "Connection option descriptions" for a complete list of options.

The following example demonstrates a basic Google Analytics session using a client credentials grant:

Using a connection URL: 

DRIVER=DataDirect 8.0 Autonomous REST Connector;AuthenticationMethod=53;
       ClientID=123456789876-a1bc2de3fgh4ij567klmn8opqr.apps.googleusercontent.com;
       ClientSecret=FaZBFRsGXTaR;RestConfigFile=C:/path/to/googleanalytics.rest;
       TokenURI=https://accounts.google.com/o/oauth2/token;

Using an odbc.ini file with a 32-bit driver: 

Driver=ODBCHOME/lib/ivautorestxx.so;
Description=My Autonomous REST Data Source
...
AuthenticationMethod=53
...
ClientID=123456789876-a1bc2de3fgh4ij567klmn8opqr9.apps.googleusercontent.com
...
ClientSecret=FaZBFRsGXTaR
...
RestConfigFile=C:/path/to/googleanalytics.rest
...
TokenURI=https://accounts.google.com/o/oauth2/token
...