After registering the client application, you may proceed with configuring the application for either the Authorization Code or Password grant type. Procedures for configuring OAuth 2.0 can vary substantially between third-party client applications. Therefore, if you are using a third-party client application, you should consult the client application documentation for details about OAuth 2.0 configuration. At minimum, you will need the information shown here to configure your client application.

Note: Connecting to a data source from Power BI using OAuth 2.0 requires building and integrating a Power BI custom connector. See the tutorial Connect to OData from Power BI using OAuth2 Authentication for instructions.

Authorization Code grant type

The following information is required for a Hybrid Data Pipeline implementation of OAuth 2.0 using the Authorization Code grant type.

  • Redirect URL (or Callback URL). The client application endpoint to which a user is redirected after authorization.
  • Authorization URL. The endpoint of the authorization server used to obtain an authorization code. For Hybrid Data Pipeline, the following URL should be provided:
    https://my-hdp-server-host/api/mgmt/oauth2/authorize

    where my-hdp-server-host is the URL of the server for a single-node deployment that does not use a load balancer, or the URL of the load balancer for a deployment using a load balancer.

  • Access Token URL. The endpoint of the authorization server used to exchange the authorization code for an access token. For Hybrid Data Pipeline, the following URL should be provided:
    https://my-hdp-server-host/api/mgmt/oauth2/token
  • Client ID. The identifier issued to the client application during the registration process.
  • Client secret. The secret issued to the client application during the registration process.
  • Scope. A scope restricts the level of access the client application has to the resource. Hybrid Data Pipeline supports the scope: api.access.odata. The scope api.access.odata limits client application access to queries against the data sources OData endpoint (the OData URI).

Password grant type

Warning: The Password grant type requires providing the user ID and password credentials to the client application. Therefore, the client application must be a highly-trusted application.

The following information is required for a Hybrid Data Pipeline implementation of the OAuth 2.0 using the Password grant type.

  • User ID. The account ID of the Hybrid Data Pipeline data source owner.
  • Password. The account password of the Hybrid Data Pipeline data source owner.
  • Access Token URL. The endpoint of the authorization server used to exchange the authorization code for an access token. For Hybrid Data Pipeline, the following URL should be provided:
    https://my-hdp-server-host/api/mgmt/oauth2/token

    where my-hdp-server-host is the URL of the server for a single-node deployment that does not use a load balancer, or the URL of the load balancer for a deployment using a load balancer.

  • Client ID. The identifier issued to the client application during the registration process.
  • Client secret. The secret issued to the client application during the registration process.
  • Scope. A scope restricts the level of access the client application has to the resource. Hybrid Data Pipeline supports the scope: api.access.odata. The scope api.access.odata limits client application access to queries against the data source's OData endpoint (the OData URI).