OpenID/OAuth2 authentication for DB extractor

Related products: Cognite Data Fusion

Hi! Our organization has strong desire for OpenID/OAuth2 authentication against the DB extractor. We are currently using SQL authentication, which is outdated.

Hi @Yanzhu Yu 

Thank you for reaching out! To better address your request, I'd like to provide some clarification on the authentication process for the DB extractor.

The DB extractor itself doesn't require authentication. Instead, it follows a two-step authentication process:

Authentication Towards CDF:

The extractor authenticates with Cloud Data Fusion (CDF), which already utilizes OpenID/OAuth2 for secure authentication.
Authentication Towards DB Sources:

Authentication towards the individual database sources varies. Different sources may employ specific authentication methods tailored to their requirements.

To provide you with more accurate assistance, could you please share additional insights or details about the specific aspect of authentication you're inquiring about? Understanding your requirements in more detail will enable us to offer a more targeted and helpful response.

Looking forward to your response!

Best regards



What we are trying to achieve, is to load data from SQL databases in Azure (like Azure SQL and Azure Synapse SQL Pool) using Microsoft Entra ID authentication (OpenID/OAuth2). It works fine using SQL authentication, but we don’t want to use that.



I have looked at creating a database extractor that use Entra ID service principal for authentication, based the cognite-extractor-utils package. The extractor is far from complete and only connects to the database, authenticate the SP and performs a simple query to test that it works.