

5.5.9 Authentication Options

Connector/ODBC supports different authentication methods, including:

  • Standard authentication using a MySQL username and password, with an authentication plugin such as caching_sha2_password.

  • The Kerberos authentication protocol for passwordless authentication. For more information about Kerberos authentication, see Kerberos Pluggable Authentication.

    Support added in Connector/ODBC 8.0.26 for Linux clients, and 8.0.27 for Windows clients.

  • OpenID Connect is supported with the authentication_openid_connect_client client-side authentication plugin connecting to MySQL Enterprise Edition with the authentication_openid_connect authentication plugin.

    The required openid-token-file connection option defines a path to a file containing the JWT formatted identity token. TLS, socket, and shared memory connection methods are supported.

    Support was added in Connector/ODBC 9.1.0.

  • Multi-Factor Authentication (MFA), using the PASSWORD1 (alias of PASSWORD), PASSWORD2, and PASSWORD3 connection options. PWD1, PWD2, and PWD3 are also accepted as aliases.

    Support added in Connector/ODBC 8.0.28.

  • FIDO-based authentication, through the FIDO-based WebAuthn Pluggable Authentication plugin. See the general WebAuthn Pluggable Authentication documentation for installation requirements and implementation details.

    Note

    Support for the authentication_webauthn plugin was added in Connector/ODBC 8.2.0. Support for the authentication_fido plugin was added in 8.0.29, deprecated in 8.2.0, and removed in 8.4.0.

    A callback usage example:

    #include <sql.h>
    #include <sqlext.h>

    // SQL_DRIVER_CONNECT_ATTR_BASE is not defined in all driver managers.
    // Therefore use a custom constant until it becomes a standard.
    #define MYSQL_DRIVER_CONNECT_ATTR_BASE 0x00004000
    // Custom constants used for callback (parenthesized so they expand safely)
    #define CB_FIDO_GLOBAL (MYSQL_DRIVER_CONNECT_ATTR_BASE + 0x00001000)
    #define CB_FIDO_CONNECTION (MYSQL_DRIVER_CONNECT_ATTR_BASE + 0x00001001)
    // Usage example
    // Callback function inside code:
    void user_callback(const char* msg)
    {
       // Do something ...
    }
    SQLHENV henv = nullptr;
    SQLAllocHandle(SQL_HANDLE_ENV, SQL_NULL_HANDLE, &henv);
    // Set the ODBC version to 3.80 otherwise the custom constants don't work
    SQLSetEnvAttr(henv, SQL_ATTR_ODBC_VERSION,
                  (SQLPOINTER)SQL_OV_ODBC3_80, 0);
    SQLHDBC hdbc = nullptr;
    SQLAllocHandle(SQL_HANDLE_DBC, henv, &hdbc);
    // CB_FIDO_X is either CB_FIDO_GLOBAL or CB_FIDO_CONNECTION
    // The callback address is passed as a pointer-valued attribute
    SQLSetConnectAttr(hdbc, CB_FIDO_X, (SQLPOINTER)&user_callback, SQL_IS_POINTER);
    SQLDriverConnect(hdbc, hwnd, conn_str, ....);
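
The file named by the openid-token-file option holds a bearer credential, so an application can check it before handing the path to the driver. The following is an added example, not code from this manual or from Connector/ODBC: it rejects a token file that is missing, not a regular file, accessible to group or others, or not shaped like a compact JWT. The function and enum names are hypothetical, the owner-only permission policy is an assumption rather than a documented driver requirement, and the check is POSIX only.

```cpp
// Added example: pre-flight check for the file named by openid-token-file.
// Function and enum names are hypothetical; POSIX only.
#include <sys/stat.h>
#include <cctype>
#include <fstream>
#include <iterator>
#include <string>

// True if tok has the compact JWS shape: three non-empty base64url
// segments separated by dots. Shape only; the signature is not verified.
bool looks_like_compact_jwt(const std::string& tok) {
    int dots = 0;
    std::size_t seg_len = 0;
    for (unsigned char c : tok) {
        if (c == '.') {
            if (seg_len == 0) return false;   // empty header or payload
            ++dots;
            seg_len = 0;
        } else if (std::isalnum(c) || c == '-' || c == '_') {
            ++seg_len;
        } else {
            return false;                     // not a base64url character
        }
    }
    return dots == 2 && seg_len > 0;          // empty signature is rejected
}

enum class TokenFileStatus { Ok, Missing, NotRegularFile, TooPermissive, NotJwt };

TokenFileStatus check_token_file(const std::string& path) {
    struct stat st {};
    // lstat so that a symlink is reported as such instead of being followed.
    if (lstat(path.c_str(), &st) != 0) return TokenFileStatus::Missing;
    if (!S_ISREG(st.st_mode)) return TokenFileStatus::NotRegularFile;
    // Assumed policy: no group or world access to a bearer credential.
    if (st.st_mode & (S_IRWXG | S_IRWXO)) return TokenFileStatus::TooPermissive;
    std::ifstream in(path);
    std::string tok((std::istreambuf_iterator<char>(in)),
                    std::istreambuf_iterator<char>());
    while (!tok.empty() && std::isspace(static_cast<unsigned char>(tok.back())))
        tok.pop_back();                       // tolerate a trailing newline
    return looks_like_compact_jwt(tok) ? TokenFileStatus::Ok
                                       : TokenFileStatus::NotJwt;
}
```

The server still validates the token's signature and claims; this check only catches a misplaced or over-exposed file before a connection attempt.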