OpenID/OAuth2 authentication for DB extractor

Related products: Extractors Authentication and Access Management

Hi! Our organization has strong desire for OpenID/OAuth2 authentication against the DB extractor. We are currently using SQL authentication, which is outdated.

Hi @Yanzhu Yu 

Thank you for reaching out! To better address your request, I'd like to provide some clarification on the authentication process for the DB extractor.

The DB extractor itself doesn't require authentication. Instead, it follows a two-step authentication process:

Authentication Towards CDF:

The extractor authenticates with Cloud Data Fusion (CDF), which already utilizes OpenID/OAuth2 for secure authentication.
Authentication Towards DB Sources:

Authentication towards the individual database sources varies. Different sources may employ specific authentication methods tailored to their requirements.

To provide you with more accurate assistance, could you please share additional insights or details about the specific aspect of authentication you're inquiring about? Understanding your requirements in more detail will enable us to offer a more targeted and helpful response.

Looking forward to your response!

Best regards



What we are trying to achieve, is to load data from SQL databases in Azure (like Azure SQL and Azure Synapse SQL Pool) using Microsoft Entra ID authentication (OpenID/OAuth2). It works fine using SQL authentication, but we don’t want to use that.



I have looked at creating a database extractor that use Entra ID service principal for authentication, based the cognite-extractor-utils package. The extractor is far from complete and only connects to the database, authenticate the SP and performs a simple query to test that it works.


Thanks for reaching out!

It sounds like you're working with different methods of connecting to the database, and you've hit a roadblock with authentication using the native PostgreSQL provider. With ODBC, you have the flexibility to configure the connection string to utilize various authentication methods supported by Microsoft's ODBC driver.

Unfortunately, with the native PostgreSQL provider, the extractor package doesn't currently support using additional IDs for authentication to the database.

If there's anything specific you need help with or any further questions you have, please don't hesitate to let us know. We're here to assist you in any way we can!

If not, I'll go ahead and close this ticket. Your feedback is greatly appreciated!

Best regards,