MySQL Connector/J Release Notes
OpenID Connect is an authentication protocol based on the OAuth 2.0 framework, providing a simplified and interoperable ways of authentication for enhanced security. It is supported by MySQL Enterprise Edition 9.1.0 and later.
Connector/J supports authentication for users created on a
MySQL server using the
authentication_openid_connect plugin. The
authentication requires:
The connection to the server must be secure by SSL encryption.
An Identity Token that must be obtained from some external process and provided to Connector/J through a customizable callback handler.
The callback handler must be an implementation of the Connector/J interface
com.mysql.cj.callback.MysqlCallbackHandler.The class name of the callback handler must be provided to Connector/J via the connection property
authenticationOpenidConnectCallbackHandler.
Default Implementation
Connector/J provides a default implementation of the callback
handler named
com.mysql.cj.callback.MysqlCallbackHandler,
and that name is the default value of the connection property
authenticationOpenidConnectCallbackHandler.
This implementation requires an Identity Token file, and the
following must be true for it:
The absolute path of the file is provided to Connector/J through the connection property
idTokenFile.The file specified by
idTokenFilemust exist and must be readable during runtime, or authentication will fail.The file must be 10K or smaller in size, or it will be taken as an invalid file.
If no server user name is specified in the connection string
or during the creation of the Connection
object, the implementation takes the OS user name as the user
to be authenticated with the server.