M2M JWT support (#395)

Custom client credential support

Author: samikshya-db

.gitignore

@@ -4,4 +4,5 @@ target/
 *DS_Store
 TestFile
 logs/
-*.log
+*.log
+*.pem

pom.xml

@@ -61,6 +61,8 @@
     <slt.executor>dbsql</slt.executor>
     <slt.token>dummy-token</slt.token>
     <wiremock.version>3.5.4</wiremock.version>
+    <nimbusjose.version>9.40</nimbusjose.version>
+    <bouncycastle.version>1.78.1</bouncycastle.version>
   </properties>
   <dependencies>
     <dependency>
@@ -142,6 +144,22 @@
       <version>${junit.jupiter.version}</version>
       <scope>test</scope>
     </dependency>
+
+    <dependency>
+      <groupId>com.nimbusds</groupId>
+      <artifactId>nimbus-jose-jwt</artifactId>
+      <version>${nimbusjose.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcprov-jdk18on</artifactId>
+      <version>${bouncycastle.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcpkix-jdk18on</artifactId>
+      <version>${bouncycastle.version}</version>
+    </dependency>
     <dependency>
       <groupId>org.mockito</groupId>
       <artifactId>mockito-inline</artifactId>
@@ -521,4 +539,4 @@
       </build>
     </profile>
   </profiles>
-</project>
+</project>

src/main/java/com/databricks/jdbc/api/IDatabricksConnectionContext.java

@@ -152,4 +152,34 @@ public static AuthMech parseAuthMech(String authMech) {
   boolean enableTelemetry();
 
   String getConnectionURL();
+
+  /** Returns the file path to the JWT private key used for signing the JWT. */
+  String getJWTKeyFile();
+
+  /** Returns the Key ID (KID) used in the JWT header, identifying the key. */
+  String getKID();
+
+  /** Returns the passphrase to decrypt the private key if the key is encrypted. */
+  String getJWTPassphrase();
+
+  /** Returns the algorithm used for signing the JWT (e.g., RS256, ES256). */
+  String getJWTAlgorithm();
+
+  /** Returns whether JWT assertion should be used for OAuth2 authentication. */
+  boolean useJWTAssertion();
+
+  /** Returns the OAuth2 token endpoint URL for retrieving tokens. */
+  String getTokenEndpoint();
+
+  /** Returns the OAuth2 authorization endpoint URL for the authorization code flow. */
+  String getAuthEndpoint();
+
+  /** Returns whether OAuth2 discovery mode is enabled, which fetches endpoints dynamically. */
+  boolean isOAuthDiscoveryModeEnabled();
+
+  /** Returns the discovery URL used to obtain the OAuth2 token and authorization endpoints. */
+  String getOAuthDiscoveryURL();
+
+  /** Returns the OAuth2 authentication scope used in the request. */
+  String getAuthScope();
 }

src/main/java/com/databricks/jdbc/api/impl/DatabricksConnectionContext.java

@@ -568,4 +568,54 @@ public boolean enableTelemetry() {
   public String getConnectionURL() {
     return connectionURL;
   }
+
+  @Override
+  public String getJWTKeyFile() {
+    return getParameter(JWT_KEY_FILE);
+  }
+
+  @Override
+  public String getKID() {
+    return getParameter(JWT_KID);
+  }
+
+  @Override
+  public String getJWTPassphrase() {
+    return getParameter(JWT_PASS_PHRASE);
+  }
+
+  @Override
+  public String getJWTAlgorithm() {
+    return getParameter(JWT_ALGORITHM);
+  }
+
+  @Override
+  public boolean useJWTAssertion() {
+    return getParameter(USE_JWT_ASSERTION, "0").equals("1");
+  }
+
+  @Override
+  public String getTokenEndpoint() {
+    return getParameter(TOKEN_ENDPOINT);
+  }
+
+  @Override
+  public String getAuthEndpoint() {
+    return getParameter(AUTH_ENDPOINT);
+  }
+
+  @Override
+  public boolean isOAuthDiscoveryModeEnabled() {
+    return getParameter(DISCOVERY_MODE, "1").equals("1");
+  }
+
+  @Override
+  public String getOAuthDiscoveryURL() {
+    return getParameter(DISCOVERY_URL);
+  }
+
+  @Override
+  public String getAuthScope() {
+    return getParameter(AUTH_SCOPE, ALL_APIS_SCOPE);
+  }
 }

…bc/dbclient/impl/common/ClientUtils.java …om/databricks/jdbc/auth/ClientUtils.javasrc/main/java/com/databricks/jdbc/dbclient/impl/common/ClientUtils.java renamed to src/main/java/com/databricks/jdbc/auth/ClientUtils.java src/main/java/com/databricks/jdbc/dbclient/impl/common/ClientUtils.java renamed to src/main/java/com/databricks/jdbc/auth/ClientUtils.java

@@ -1,12 +1,11 @@
-package com.databricks.jdbc.dbclient.impl.common;
+package com.databricks.jdbc.auth;
 
 import com.databricks.jdbc.api.IDatabricksConnectionContext;
-import com.databricks.jdbc.exception.DatabricksParsingException;
 import com.databricks.sdk.core.DatabricksConfig;
 
 public class ClientUtils {
   public static DatabricksConfig generateDatabricksConfig(
-      IDatabricksConnectionContext connectionContext) throws DatabricksParsingException {
+      IDatabricksConnectionContext connectionContext) {
     DatabricksConfig databricksConfig =
         new DatabricksConfig().setUseSystemPropertiesHttp(connectionContext.getUseSystemProxy());
     // Setup proxy settings