How to obtain a JWT Access Token for OAuth2 authentication from Azure, and use the token to open a JDBC connection to a TIBCO Data Virtualization server
Article ID: KB0071992
Updated On:
| Products | Versions |
|---|---|
| TIBCO Data Virtualization | 8.5.0 and higher |
Description
How to obtain a JWT Access Token for OAuth2 authentication from Azure, and use the token to open a JDBC connection to a TDV (TIBCO Data Virtualization) server
Issue/Introduction
How to obtain a JWT Access Token for OAuth2 authentication from Azure, and use the token to open a JDBC connection to a TIBCO Data Virtualization server
Resolution
Below are steps to:
---------
https://compositedvteam.b2clogin.com/compositedvteam.onmicrosoft.com/oauth2/v2.0/authorize?
p=B2C_1_tdvsupport1&client_id=aaaaaaaa-9850-bbbb-cccc-dddddddddddd&nonce=defaultNonce
&redirect_uri=https%3A%2F%2Fjwt.ms&scope=openid&response_type=id_token&prompt=login
----------
(2) Install the Microsoft Authenticator application on your cellphone.
The installer may be downloaded from Google Play or from the Microsoft Support site.
Once installed, the application may be recognized by the following icon.
(3) Enter the Run User Flow endpoint URL in a browser.
(4) The browser will now display one of the following:
If a QR scanner code is displayed:
Scan the QR code using the steps listed under ' Sign in with a QR code' at the Microsoft Support site.
After this, you will be able to obtain a 6-digit code from Authenticator. Enter the code in the browser.
The browser will display the JWT Access Token in encoded and decoded form as shown below.
(5) To configure a Java application to use the JWT Access Token to connect to TDV, the steps are:
(i) Create an OAuth2 domain (e.g. 'oauthdomain') in the TDV Web Manager.
Refer to the Chapter OAuth Domain Administration in the TDV Administration Guide for steps to configure an OAuth2 domain.
NOTE: If you encounter difficulty with configuring the OAuth2 domain in the Web Manager, please contact TIBCO Technical Support for assistance.
(ii) Create a JDBC URL that passes the Access Token to TDV using the following parameters:
-----------
jdbc:compositesw:dbapi@localhost:9411? domain= oauth2domain&dataSource=examples&
AccessTokenType= JWT& accessToken= eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ilg1Z
VhrNHh5b2pORnVtMWtsMll0djhkbE5QNC1jNTdkTzZRR1RWQndhTmsifQ.eyJleHAiOjE2NjE5Nzc
1NDAsIm5iZiI6MTY2MTk3Mzk0MCwidmVyIjoiMS4wIiwiaXNzIjoiaHR0cHM6Ly9jb21wb3NpdGVk
dnRlYW0uYjJjbG9naW4uY29tLzRkMzM0NjMzLWY5OGEtNDY1OC1hN2NkLWE2ZmYwZjE2Y2E5O
C92Mi4wLyIsInN1YiI6IjgyN2Q3MWRhLTFmYmYtNDM0MS05YzUxLWU2NWVjNmZhNGVlMCIsI
mF1ZCI6IjhjY2NmNzk1LTU5MzAtNDliNi1iNWNjLWQ1MDYyMTNkODc3MyIsIm5vbmNlIjoiZGVmY
XVsdE5vbmNlIiwiaWF0IjoxNjYxOTczOTQwLCJhdXRoX3RpbWUiOjE2NjE5NzM5NDAsIm5hbWUiOi
JhcHJhYmh1IiwiZ2l2ZW5fbmFtZSI6IkFuaWwiLCJ0ZnAiOiJCMkNfMV90ZHZzdXBwb3J0MSJ9.pedW
C6rVCGMe3_0pv355hPTlGpEpgkiy8niEiHMXiL1XlRgzy_y7DffLzTeXBRwEiQEnJJXAMvLPGnVT1Jm
QNqRXQdPel00Pc1Q2HTqI1Zzav0nZShF-mEgNZhkskJyHW5R4rM9oGPN12T-
luIdk9tePt8Hs4H9epKU05WijT0n5eW2xasKQp_aFSV7kwdikOn-VrH6GvY266ooI16QgH4G-
O92iKtlirQwXIym8LnM00VDUW_O_1oSGNoaqIA5L85GFlKsOq2ejLrawVT21RMmywUVrY
MKwejFdCDgui_MunTqBdCYWrqJFmjl7HuBbR5M9B7uu4d8Z6ztivITd1A
------------
(iii) Configure a JDBC client application (e.g. DBVisualizer) with the JDBC URL.
The client will use the JDBC URL to open a connection to the TIBCO Data Virtualization server.
Example
If the JWT token is invalid or expired, the client will fail with an error as in the example below.
---------
Exception in thread "main" java.sql.SQLException: Parse input argument ERROR: Parsing JWT token error ..
Cause: JWT expired at 2022-09-01T12:13:08Z. Current time: 2022-09-02T19:48:03Z, a difference of
113695581 milliseconds. Allowed clock skew: 0 milliseconds.
[Log ID: 2f828df9-3552-4be2-aac5-6ffa7bd3c2e4]
at cs.jdbc.driver.ClientChannelConnection.generateError(ClientChannelConnection.java:1115)
...
at cs.jdbc.driver.CompositeConnection.<init>(CompositeConnection.java:137)
at cs.jdbc.driver.CompositeDriver.connect(CompositeDriver.java:58)
at cs.jdbc.driver.CompositeDriver.connect(CompositeDriver.java:25)
at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:677)
at TestClient.main(TestClient.java:36)
---------
- Obtain a JWT Access Token from Azure.
- Use the token to open a JDBC connection to a TDV (TIBCO Data Virtualization) server.
- The Run User Flow endpoint URL.
- A username/password to access this URL.
---------
https://compositedvteam.b2clogin.com/compositedvteam.onmicrosoft.com/oauth2/v2.0/authorize?
p=B2C_1_tdvsupport1&client_id=aaaaaaaa-9850-bbbb-cccc-dddddddddddd&nonce=defaultNonce
&redirect_uri=https%3A%2F%2Fjwt.ms&scope=openid&response_type=id_token&prompt=login
----------
(2) Install the Microsoft Authenticator application on your cellphone.
The installer may be downloaded from Google Play or from the Microsoft Support site.
Once installed, the application may be recognized by the following icon.
(3) Enter the Run User Flow endpoint URL in a browser.
- The browser will be redirected to a Sign-in page.
- Enter the credentials in the Sign-in page as shown below.
(4) The browser will now display one of the following:
- A message Enter the verification code from your Authenticator application.
- A QR scanner code.
- Open Microsoft Authenticator on your cell phone, and retrieve the 6-digit code from it.
- Enter the code in the browser.
If a QR scanner code is displayed:
Scan the QR code using the steps listed under ' Sign in with a QR code' at the Microsoft Support site.
After this, you will be able to obtain a 6-digit code from Authenticator. Enter the code in the browser.
The browser will display the JWT Access Token in encoded and decoded form as shown below.
(5) To configure a Java application to use the JWT Access Token to connect to TDV, the steps are:
(i) Create an OAuth2 domain (e.g. 'oauthdomain') in the TDV Web Manager.
Refer to the Chapter OAuth Domain Administration in the TDV Administration Guide for steps to configure an OAuth2 domain.
NOTE: If you encounter difficulty with configuring the OAuth2 domain in the Web Manager, please contact TIBCO Technical Support for assistance.
(ii) Create a JDBC URL that passes the Access Token to TDV using the following parameters:
- AccessTokenType = JWT
- JWT&accessToken = <the JWT access token obtained using the previous steps>
- domain = <The OAuth2 domain created in the TDV Web Manager>
-----------
jdbc:compositesw:dbapi@localhost:9411? domain= oauth2domain&dataSource=examples&
AccessTokenType= JWT& accessToken= eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ilg1Z
VhrNHh5b2pORnVtMWtsMll0djhkbE5QNC1jNTdkTzZRR1RWQndhTmsifQ.eyJleHAiOjE2NjE5Nzc
1NDAsIm5iZiI6MTY2MTk3Mzk0MCwidmVyIjoiMS4wIiwiaXNzIjoiaHR0cHM6Ly9jb21wb3NpdGVk
dnRlYW0uYjJjbG9naW4uY29tLzRkMzM0NjMzLWY5OGEtNDY1OC1hN2NkLWE2ZmYwZjE2Y2E5O
C92Mi4wLyIsInN1YiI6IjgyN2Q3MWRhLTFmYmYtNDM0MS05YzUxLWU2NWVjNmZhNGVlMCIsI
mF1ZCI6IjhjY2NmNzk1LTU5MzAtNDliNi1iNWNjLWQ1MDYyMTNkODc3MyIsIm5vbmNlIjoiZGVmY
XVsdE5vbmNlIiwiaWF0IjoxNjYxOTczOTQwLCJhdXRoX3RpbWUiOjE2NjE5NzM5NDAsIm5hbWUiOi
JhcHJhYmh1IiwiZ2l2ZW5fbmFtZSI6IkFuaWwiLCJ0ZnAiOiJCMkNfMV90ZHZzdXBwb3J0MSJ9.pedW
C6rVCGMe3_0pv355hPTlGpEpgkiy8niEiHMXiL1XlRgzy_y7DffLzTeXBRwEiQEnJJXAMvLPGnVT1Jm
QNqRXQdPel00Pc1Q2HTqI1Zzav0nZShF-mEgNZhkskJyHW5R4rM9oGPN12T-
luIdk9tePt8Hs4H9epKU05WijT0n5eW2xasKQp_aFSV7kwdikOn-VrH6GvY266ooI16QgH4G-
O92iKtlirQwXIym8LnM00VDUW_O_1oSGNoaqIA5L85GFlKsOq2ejLrawVT21RMmywUVrY
MKwejFdCDgui_MunTqBdCYWrqJFmjl7HuBbR5M9B7uu4d8Z6ztivITd1A
------------
(iii) Configure a JDBC client application (e.g. DBVisualizer) with the JDBC URL.
The client will use the JDBC URL to open a connection to the TIBCO Data Virtualization server.
Example
If the JWT token is invalid or expired, the client will fail with an error as in the example below.
---------
Exception in thread "main" java.sql.SQLException: Parse input argument ERROR: Parsing JWT token error ..
Cause: JWT expired at 2022-09-01T12:13:08Z. Current time: 2022-09-02T19:48:03Z, a difference of
113695581 milliseconds. Allowed clock skew: 0 milliseconds.
[Log ID: 2f828df9-3552-4be2-aac5-6ffa7bd3c2e4]
at cs.jdbc.driver.ClientChannelConnection.generateError(ClientChannelConnection.java:1115)
...
at cs.jdbc.driver.CompositeConnection.<init>(CompositeConnection.java:137)
at cs.jdbc.driver.CompositeDriver.connect(CompositeDriver.java:58)
at cs.jdbc.driver.CompositeDriver.connect(CompositeDriver.java:25)
at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:677)
at TestClient.main(TestClient.java:36)
---------
Feedback
Yes
No
Powered by
