The authentication flow for the client credentials grant exchanges client credentials for the access token at the location specified by the TokenURI. Web-based login and consent are not required.

Note: For the client credentials grant, you must create an application user on your Dynamics 365 web instance. See Create an application user for the client credentials grant for details.
jdbc:datadirect:dynamics365:ServiceURL=serviceurl;AuthenticationMethod=method;
ClientID=client_id;ClientSecret=client_secret;TokenURI=POST token_uri;
Scope=scope;[property=value[;...]];

where:

serviceurl
specifies the base URL of the Dynamics 365 instance to which you want to issue requests. For example, https://mywebinstance.api.crm.dynamics.com/api/data/v9.1/.
method
specifies the authentication method used to connect to the service. The default value is OAuth2. Since OAuth2 is the default, this value does not have to be specified in a connection URL used for OAuth 2.0 implementations.
client_id
specifies the client ID key for your application when authenticating with OAuth 2.0.
client_secret
specifies the client secret for your application when authenticating with OAuth 2.0.

Important: The client secret is a confidential value used to authenticate the application to the server. To prevent unauthorized access, this value must be securely maintained.

token_uri
specifies the endpoint used to exchange authentication credentials for access tokens when OAuth 2.0 authentication is enabled. For the client credentials grant, the token URI must be prefaced by the POST command. For example:

TokenURI=POST https://login.microsoftonline.com/common/oauth2/v2.0/token

scope
specifies an OAuth scope or a space-separated list of OAuth scopes that limit the permissions granted by an access token. Scope is required when using the Microsoft Identity Platform (v2) to provision users and manage application access. The following example shows the scope for a Dynamics CRM instance.

Scope=https://mywebinstance.api.crm.dynamics.com/.default

Note: The /.default scope is embedded in every application. It refers to a static list of permissions configured on the application registration. Refer to Microsoft Identity Plaform documentation for further details.
property=value
specifies connection property settings. Multiple properties are separated by a semi-colon.

The following example connection string includes the properties for connecting with the OAuth 2.0 client credentials grant.

Connection conn = DriverManager.getConnection
  ("jdbc:datadirect:dynamics365:
    ServiceURL=https://mywebinstance.api.crm.dynamics.com/api/data/v9.1/;
    AuthenticationMethod=OAuth2;ClientID=29453d6f-6789-25gh-gd8g-44tk3c527831;
    ClientSecret=12a3=bCD/EfGh4Ijk+Lm5P67qR8s=//TuV+WXy1Zabcd;
    TokenURI=POST https://login.microsoftonline.com/common/oauth2/v2.0/token;
    Scope=https://mywebinstance.api.crm.dynamics.com/.default;");