Configuring service account authentication
- Last Updated: June 2, 2023
- 2 minute read
- DataDirect Connectors
- JDBC
- Google BigQuery 6.0
- Documentation
The driver supports service account authentication. A service account is a
type of Google account that represents an application instead of an individual end
user. Unlike a user account, a service account allows your application to
authenticate and communicate to Google APIs without direct human intervention. This
is useful for applications that need to access their own data, not the user's data.
For a successful service account authentication, you need:
- Private key file or Private
key
- The private key file is a .json or .p12 file that contains the key required to authenticate API calls. You can download it from the Google Cloud Platform (GCP) Console.
- The private key is contained in the private key file downloaded from the GCP Console.
- Service account email address: A unique email address that is provisioned while creating a service account.
To know more about service account authentication, refer to the Google documentation.
To configure the driver to use service account authentication, set the following connection properties:
- Set the AuthenticationMethod property to
serviceaccount. - Set the ServiceAccountEmail property to specify your service account's email address.
- Set either the ServiceAccountKeyContent property or the ServiceAccountPrivateKey
property
- ServiceAccountKeyContent specifies the private key required to authenticate to Google BigQuery. Use this property if you do not want to persist the private key file in your environment.
- ServiceAccountPrivateKey specifies the full path to the .json or .p12 file that contains the private key. The driver extracts the private key value from the specified file and uses it to authenticate the user to the database. Use this property if it is preferable to persist the private key file.
- Optionally, set the JWTAudience property to specify the JWT audience claim associated with
your service account. The default value is
https://accounts.google.com/o/oauth2/token. - Optionally, set the TokenURI property to specify the endpoint for retrieving
access tokens. The default value is
https://accounts.google.com/o/oauth2/token.
The following examples show how to connect to a Google BigQuery instance using service account authentication.
ServiceAccountKeyContent
Connection conn = DriverManager.getConnection
("jdbc:datadirect:googlebigquery:AuthenticationMethod=serviceaccount;
Project=myproject;Dataset=mydataset;ServiceAccountEmail=abc123@iam.gserviceaccount.com;
ServiceAccountKeyContent=NJJXZexIHJFGYBgkqhkiG9w0BAQnWRwiHANpf3MC1pVRqhtTE5tSpxZeQnICG
4zp087Eidn4qc66udg8KAHknyqFdj7b\n+MgxMFPAvJ59cylHFaHA4pGmeGfVqzYub6LEs9aN/751jmZqcuAYp
5nXRF1EvJPN\nsDuJGLvuuDBZW0iux0liEHmcQVBBKwIx8t+EQxePGTiLsBoCdzOUsi4UWWv\nASqfdP/kSX+N;);ServiceAccountPrivateKey
Connection conn = DriverManager.getConnection
("jdbc:datadirect:googlebigquery:AuthenticationMethod=serviceaccount;
Project=myproject;Dataset=mydataset;ServiceAccountEmail=abc123@iam.gserviceaccount.com;
ServiceAccountPrivateKey=abc123.json")