Added support for OAuth2 token authentication.

Author: anthony-tuininga

doc/src/conf.py

@@ -43,10 +43,10 @@
 # |release|, also used in various other places throughout the built documents
 #
 # the short X.Y version
-version = '4.4'
+version = '4.5'
 
 # the full version, including alpha/beta/rc tags
-release = '4.4.1'
+release = '4.5.0b1'
 
 # the theme to use for HTML pages
 html_theme = 'oracle'

doc/src/releasenotes.rst

@@ -1,6 +1,13 @@
 ODPI-C Release notes
 ====================
 
+Version 4.5 (TBD)
+-----------------
+
+#) Added support for OAuth token authentication when creating standalone
+   connections and connection pools.
+
+
 Version 4.4.1 (June 14, 2022)
 -----------------------------
 

doc/src/structs/dpiAccessToken.rst

@@ -11,7 +11,11 @@ The externalAuth must be set to 1 and in addition, homogeneous must be
 set to 1 when creating a pool. The user (or username) and password properties
 should not be set.
 
-Both token and privateKey (and their lengths) must be set.
+Both token and privateKey (and their lengths) must be set while using IAM
+for token based authentication.
+
+Only token and it's length must be set while using OAuth for token based
+authentication.
 
 .. member:: const char* dpiAccessToken.token
 

include/dpi.h

@@ -69,9 +69,9 @@ extern "C" {
 
 // define ODPI-C version information
 #define DPI_MAJOR_VERSION   4
-#define DPI_MINOR_VERSION   4
-#define DPI_PATCH_LEVEL     1
-#define DPI_VERSION_SUFFIX
+#define DPI_MINOR_VERSION   5
+#define DPI_PATCH_LEVEL     0
+#define DPI_VERSION_SUFFIX  "b1"
 
 #define DPI_STR_HELPER(x)       #x
 #define DPI_STR(x)              DPI_STR_HELPER(x)

samples/SampleLib.c

@@ -229,8 +229,14 @@ void dpiSamples__getTokenData(const char *dirName, const char *fileName,
     sprintf(fullFileName, "%s/%s", dirName, fileName);
 
     fp = fopen(fullFileName, "r");
-    if (!fp)
-        dpiSamples__fatalError("Not able to open file.");
+    free(fullFileName);
+    fullFileName = NULL;
+
+    if (!fp) {
+        *value = NULL;
+        *valueLength = 0;
+        return;
+    }
 
     *value = malloc(TOKENBUFLEN);
     if (!*value)
@@ -251,8 +257,6 @@ void dpiSamples__getTokenData(const char *dirName, const char *fileName,
     }
 
     fclose(fp);
-    free(fullFileName);
-    fullFileName = NULL;
 }
 
 

src/dpiErrorMessages.h

@@ -107,7 +107,7 @@ static const char* const dpiErrorMessages[DPI_ERR_MAX - DPI_ERR_NO_ERR] = {
     "DPI-1078: native type %d with Oracle type %d is not supported by JSON", // DPI_ERR_UNHANDLED_CONVERSION_TO_JSON
     "DPI-1079: Oracle Client library is at version %d.%d but either version %d.%d (or later DBRU) or version %d.%d (or higher) is needed", // DPI_ERR_ORACLE_CLIENT_TOO_OLD_MULTI
     "DPI-1080: connection was closed by ORA-%d", // DPI_ERR_CONN_CLOSED
-    "DPI-1081: invalid dpiAccessToken structure. Both the token and the private key must contain values", // DPI_ERR_TOKEN_BASED_AUTH
+    "DPI-1081: invalid dpiAccessToken structure. The token must contain a value", // DPI_ERR_TOKEN_BASED_AUTH
     "DPI-1082: invalid connection pool configuration for token based authentication. Both homogeneous and externalAuth fields in the dpiPoolCreateParams structure must be set to 1", //DPI_ERR_POOL_TOKEN_BASED_AUTH
     "DPI-1083: invalid standalone connection configuration for token based authentication. The externalAuth field in the dpiConnCreateParams structure must be set to 1", //DPI_ERR_STANDALONE_TOKEN_BASED_AUTH
 };

src/dpiImpl.h

@@ -343,10 +343,11 @@ extern unsigned long dpiDebugLevel;
 #define DPI_OCI_ATTR_JSON_DOM_MUTABLE               609
 #define DPI_OCI_ATTR_SODA_METADATA_CACHE            624
 #define DPI_OCI_ATTR_SODA_HINT                      627
-#define DPI_OCI_ATTR_IAM_TOKEN                      636
+#define DPI_OCI_ATTR_TOKEN                          636
 #define DPI_OCI_ATTR_IAM_PRIVKEY                    637
-#define DPI_OCI_ATTR_IAM_CBK                        638
-#define DPI_OCI_ATTR_IAM_CBKCTX                     639
+#define DPI_OCI_ATTR_TOKEN_CBK                      638
+#define DPI_OCI_ATTR_TOKEN_CBKCTX                   639
+#define DPI_OCI_ATTR_TOKEN_ISBEARER                 657
 
 // define OCI object type constants
 #define DPI_OCI_OTYPE_NAME                          1

src/dpiPool.c

@@ -156,16 +156,16 @@ static int dpiPool__create(dpiPool *pool, const char *userName,
             return DPI_FAILURE;
 
         if (createParams->accessTokenCallback) {
-            // set IAM context callback on session handle
+            // set token based auth context callback on session handle
             if (dpiOci__attrSet(authInfo, DPI_OCI_HTYPE_SESSION,
-                    (void*) pool, 0, DPI_OCI_ATTR_IAM_CBKCTX,
+                    (void*) pool, 0, DPI_OCI_ATTR_TOKEN_CBKCTX,
                     "set token callback context", error) < 0)
                 return DPI_FAILURE;
 
-            // set IAM callback on session handle
+            // set token based auth callback on session handle
             if (dpiOci__attrSet(authInfo, DPI_OCI_HTYPE_SESSION,
                     (void*) dpiPool__accessTokenCallback, 0,
-                    DPI_OCI_ATTR_IAM_CBK, "set token callback", error) < 0)
+                    DPI_OCI_ATTR_TOKEN_CBK, "set token callback", error) < 0)
                 return DPI_FAILURE;
         }
     }

src/dpiUtils.c

@@ -533,29 +533,49 @@ int dpiUtils__setAccessTokenAttributes(void *handle,
         dpiAccessToken *accessToken, dpiVersionInfo *versionInfo,
         dpiError *error)
 {
-    // only available in Oracle Client 19.14+ and 21.5+ libraries
-    if (dpiUtils__checkClientVersionMulti(versionInfo,
-            19, 14, 21, 5, error) < 0)
-        return DPI_FAILURE;
+    int isBearer = 1;
 
     // check validity of access token
     if (!accessToken->token || accessToken->tokenLength == 0 ||
-            !accessToken->privateKey || accessToken->privateKeyLength == 0)
+            (accessToken->privateKey && accessToken->privateKeyLength == 0))
         return dpiError__set(error,
                 "check token based authentication parameters",
                 DPI_ERR_TOKEN_BASED_AUTH);
 
+    // IAM feature only available in Oracle Client 19.14+ and 21.5+ libraries
+    if (accessToken->privateKey) {
+        if (dpiUtils__checkClientVersionMulti(versionInfo, 19, 14, 21, 5,
+                error) < 0)
+            return DPI_FAILURE;
+
+    // OAuth feature only available in Oracle Client 19.15+ and 21.7+ libraries
+    } else {
+        if (dpiUtils__checkClientVersionMulti(versionInfo, 19, 15, 21, 7,
+                error) < 0)
+            return DPI_FAILURE;
+    }
+
     // set token on auth handle
     if (dpiOci__attrSet(handle, DPI_OCI_HTYPE_AUTHINFO,
             (void*) accessToken->token, accessToken->tokenLength,
-            DPI_OCI_ATTR_IAM_TOKEN, "set DB token", error) < 0)
+            DPI_OCI_ATTR_TOKEN, "set access token", error) < 0)
         return DPI_FAILURE;
 
-    // set private key on auth handle
-    if (dpiOci__attrSet(handle, DPI_OCI_HTYPE_AUTHINFO,
-            (void*) accessToken->privateKey, accessToken->privateKeyLength,
-            DPI_OCI_ATTR_IAM_PRIVKEY, "set DB token private key", error) < 0)
-        return DPI_FAILURE;
+    // set IAM private key on auth handle
+    if (accessToken->privateKey) {
+        if (dpiOci__attrSet(handle, DPI_OCI_HTYPE_AUTHINFO,
+                (void*) accessToken->privateKey,
+                accessToken->privateKeyLength, DPI_OCI_ATTR_IAM_PRIVKEY,
+                "set access token private key", error) < 0)
+            return DPI_FAILURE;
+
+    // set OAuth bearer flag on auth handle
+    } else {
+        if (dpiOci__attrSet(handle, DPI_OCI_HTYPE_AUTHINFO,
+                (void*) &isBearer, 0, DPI_OCI_ATTR_TOKEN_ISBEARER,
+                "set bearer flag", error) < 0)
+            return DPI_FAILURE;
+    }
 
     return DPI_SUCCESS;
 }