Authentication
sdmx-dl support multiple authentication schemes:
The authentication scheme is defined in the data source configuration using the sdmxdl.driver.authScheme property.
The BASIC scheme is used for data sources that require a username/password pair to access their data. When using this scheme, the credentials are prompted when accessing the data for the first time. These credentials are stored securely for future use in the OS keystore.
The MSAL scheme is used for data sources that require OAuth2 authentication using the Microsoft Authentication Library. When using this scheme, the user is prompted to authenticate via a web browser when accessing the data for the first time. The authentication tokens are stored securely for future use in the OS keystore.
InfoThe current implementation only supports the Authorization Code Flow with PKCE (Proof Key for Code Exchange) for public client applications.
This scheme requires additional configuration properties:
| Property | Type | Default |
|---|---|---|
sdmxdl.authenticator.clientId Client ID (Application ID) of the application as registered in the application registration portal. |
String |
required |
sdmxdl.authenticator.authority URL of the authenticating authority or security token service (STS) from which MSAL will acquire security tokens. |
URL |
required |
sdmxdl.authenticator.scopes Scopes application is requesting access to. |
Comma-separated Strings |
required |
sdmxdl.authenticator.redirectUri Redirect URI where MSAL will listen to for the authorization code returned by Azure AD. Should be a loopback address with a port specified (for example, http://localhost:3671). If no port is specified, MSAL will find an open port. |
URI |
http://localhost |
sdmxdl.authenticator.uid An optional UID used to store tokens. |
String |
sdmx-dl uses native OS keystores to store credentials and tokens securely.
InfoThe current implementation only supports Windows.