MySQL Shell 9.1

4.3.6 Using OpenID Connect

MySQL Shell supports the OpenID Connect authentication protocol. The client plugin, authentication_openid_connect_client, is bundled with MySQL Shell.

For information on OpenID Connect, see openid.net.

Note

The OpenID Connect authentication protocol is supported by MySQL Enterprise Edition only.

To connect to a server using OpenID Connect, you must have an OpenID token file and an OpenID user on the target server.

The user must be defined with the authentication_openid_connect plugin. For example:

CREATE USER 'MySQLUser'@'%' IDENTIFIED WITH 'authentication_openid_connect' 
AS '{"identity_provider":"IdentityProviderName", "user":"UserID"}';

The token file must contain the following:

  • iss: Issuer Identifier for the Issuer of the response. A case-sensitive URL.

  • sub: Subject Identifier. A locally unique identifier which is intended to be consumed by the Client. A case-sensitive string of no more than 255 characters (ASCII).

  • aud: Audience(s) the ID Token is intended for. It must contain the OAuth 2.0 client_id of the Relying Party and may also contain identifiers for other audiences.

  • exp: Token expiration date and time, after which the token is not accepted.

  • iat: Token issuing date and time.

See the MySQL Reference Manual for more information.
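The following is an added example, not code from the MySQL Shell documentation: a Python pre-flight check that reads the ID token file and verifies the five claims listed above (iss, sub, aud, exp, iat) before the token is handed to mysqlsh. It assumes the file holds the ID token as a compact JWT (header.payload.signature); the issuer, client_id and timestamps in the sample are constructed. The check inspects claims only; signature verification against the identity provider's keys is the server's job.

```python
import base64
import json
import time

REQUIRED_CLAIMS = ("iss", "sub", "aud", "exp", "iat")


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # Restore the '=' padding that compact JWT encoding strips.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_sample_token(claims: dict) -> str:
    # Constructed sample only: the signature segment is a placeholder, since this
    # pre-flight check never validates signatures (the MySQL server does).
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.placeholder-signature"


def check_id_token(token: str, expected_iss: str, client_id: str, now=None) -> dict:
    """Return the claims if the token is usable, otherwise raise ValueError."""
    now = time.time() if now is None else now
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    claims = json.loads(_b64url_decode(parts[1]))
    missing = [c for c in REQUIRED_CLAIMS if c not in claims]
    if missing:
        raise ValueError(f"missing required claims: {missing}")
    if claims["iss"] != expected_iss:  # iss is a case-sensitive URL, so exact match
        raise ValueError(f"issuer mismatch: {claims['iss']!r}")
    sub = claims["sub"]
    if not isinstance(sub, str) or not 0 < len(sub) <= 255 or not sub.isascii():
        raise ValueError("sub must be a non-empty ASCII string of at most 255 characters")
    audiences = claims["aud"] if isinstance(claims["aud"], list) else [claims["aud"]]
    if client_id not in audiences:  # aud may list several audiences; ours must be one
        raise ValueError(f"client_id {client_id!r} not in aud {audiences!r}")
    if claims["exp"] <= now:
        raise ValueError("token has expired")
    if claims["iat"] > now:
        raise ValueError("iat is in the future (check clock skew)")
    return claims


def token_file_is_usable(path: str, expected_iss: str, client_id: str, now=None) -> bool:
    """Convenience wrapper for scripts: True only if the file's token passes every check."""
    try:
        with open(path, encoding="ascii") as f:
            check_id_token(f.read(), expected_iss, client_id, now)
        return True
    except (OSError, ValueError, KeyError, json.JSONDecodeError):
        return False
```

Running token_file_is_usable against the file named in --authentication-openid-connect-client-id-token-file before invoking mysqlsh turns an opaque server-side authentication failure into a specific local error message.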

Connect using one of the following methods:

  • A command-line option:

    > mysqlsh -u MySQLUser --authentication-openid-connect-client-id-token-file=pathToTokenfile/tokenFilename
  • A connection data dictionary:

    > shell.connect({host: 'localhost', port: 'port', user: 'MySQLUser',
                    'authentication-openid-connect-client-id-token-file': 'pathToTokenfile/tokenFilename'})
  • The query section of a URI:

    MySQLUser@host?authentication-openid-connect-client-id-token-file=pathToTokenfile/tokenFilename
  • In the configuration file:

    [mysqlsh]
    authentication_openid_connect_client_id_token_file=pathToTokenfile/tokenFilename