OAuth config template for Entra-ID

<?xml version="1.0" encoding="utf-8"?>
<!-- Tableau OAuth configuration template for the trino_jdbc connector class
    with Microsoft Entra ID as the identity provider. client_id and
    my_tenant_id are placeholders that must be replaced before use. -->
<pluginOAuthConfig>
    <!-- dbclass must be trino_jdbc -->
    <dbclass>trino_jdbc</dbclass>
    <!-- oauthConfigId must start with custom_ and contain only letters,
        numbers and underscores -->
    <oauthConfigId>custom_entra_id</oauthConfigId>

    <!-- Use the same application you created for Starburst Enterprise web UI,
        or create a separate one for Tableau. client_id is a placeholder for
        the application (client) ID of that registration. A separate
        registration lets the desktop client's redirect URIs, consent and
        revocation be managed independently of the web UI. -->
    <clientIdDesktop>client_id</clientIdDesktop>
    <!-- It is recommended to use OAuth 2.0 authorization code flow with PKCE,
        and leave clientSecretDesktop empty. A desktop application is a public
        client: a secret placed in this file is readable by everyone who
        receives the file, so it would not authenticate the client. -->
    <clientSecretDesktop></clientSecretDesktop>

    <!-- The following Callback URLs must be added to Mobile and desktop
        applications redirect URIs. Plain http appears here only for loopback
        (localhost) addresses, where the authorization code is delivered to a
        listener on the user's own machine. Register these URIs only, with no
        wildcard or non-loopback http entries. -->
    <redirectUrisDesktop>http://localhost:55555/Callback</redirectUrisDesktop>
    <redirectUrisDesktop>http://localhost:55556/Callback</redirectUrisDesktop>
    <redirectUrisDesktop>http://localhost:55557/Callback</redirectUrisDesktop>
    <redirectUrisDesktop>http://localhost:55558/Callback</redirectUrisDesktop>
    <redirectUrisDesktop>http://localhost:55559/Callback</redirectUrisDesktop>

    <!-- authUri and tokenUri are required, userInfoUri is optional.
        Replace my_tenant_id with your directory (tenant) ID. A tenant-specific
        endpoint restricts sign-in to accounts of that tenant. userInfoUri is
        left empty because the username is taken from the ID token (see
        OAUTH_CAP_SUPPORTS_GET_USERINFO_FROM_ID_TOKEN below). -->
    <authUri>https://login.microsoftonline.com/my_tenant_id/oauth2/v2.0/authorize</authUri>
    <tokenUri>https://login.microsoftonline.com/my_tenant_id/oauth2/v2.0/token</tokenUri>
    <userInfoUri></userInfoUri>

    <!-- Requested scopes. openid and profile request an ID token with profile
        claims. offline_access requests a refresh token, a long-lived
        credential stored on the client; plan for revoking user sessions when
        a device is lost or an account is disabled. -->
    <scopes>profile</scopes>
    <scopes>openid</scopes>
    <scopes>offline_access</scopes>
    <!-- NOTE(review): this looks like the API scope exposed by the Starburst
        application registration; confirm it matches the scope defined in
        your own tenant and request nothing broader than needed. -->
    <scopes>https://oauth-aad-integrations.starburstdata.com/StarburstUsers.Read.All</scopes>

    <!-- Capability flags that control how the client runs the OAuth flow. -->
    <capabilities>
        <!-- Sends the state parameter so the client can tie the callback to
            the request it started (CSRF protection). Keep true. -->
        <entry>
            <key>OAUTH_CAP_SUPPORTS_STATE</key>
            <value>true</value>
        </entry>
        <entry>
            <key>OAUTH_CAP_SUPPORTS_CUSTOM_DOMAIN</key>
            <value>false</value>
        </entry>
        <!-- This flag and OAUTH_CAP_REQUIRE_PKCE enable PKCE with an explicit
            code_challenge_method. With an empty client secret, PKCE is what
            protects the authorization code on the loopback redirect, so both
            should stay true. -->
        <entry>
            <key>OAUTH_CAP_PKCE_REQUIRES_CODE_CHALLENGE_METHOD</key>
            <value>true</value>
        </entry>
        <entry>
            <key>OAUTH_CAP_REQUIRE_PKCE</key>
            <value>true</value>
        </entry>
        <!-- Presumably ties the callback to the fixed ports listed in
            redirectUrisDesktop above; confirm against the client's docs. -->
        <entry>
            <key>OAUTH_CAP_FIXED_PORT_IN_CALLBACK_URL</key>
            <value>true</value>
        </entry>
        <!-- NOTE(review): by its name this places the client secret in the
            URL query string. clientSecretDesktop is empty in this template,
            so no secret is exposed. If a secret is ever configured, revisit
            this flag, since URLs commonly end up in proxy and server logs. -->
        <entry>
            <key>OAUTH_CAP_CLIENT_SECRET_IN_URL_QUERY_PARAM</key>
            <value>true</value>
        </entry>
        <!-- Username is read from the ID token instead of a userinfo call. -->
        <entry>
            <key>OAUTH_CAP_SUPPORTS_GET_USERINFO_FROM_ID_TOKEN</key>
            <value>true</value>
        </entry>
        <entry>
            <key>OAUTH_CAP_GET_USERNAME_USES_POST_REQUEST</key>
            <value>false</value>
        </entry>
    </capabilities>
    <!-- Maps the fields the client needs (key) to the names used by the
        identity provider (value). -->
    <accessTokenResponseMaps>
        <entry>
            <key>ACCESSTOKEN</key>
            <value>access_token</value>
        </entry>
        <entry>
            <key>REFRESHTOKEN</key>
            <value>refresh_token</value>
        </entry>
        <!-- NOTE(review): exp is the expiry claim name inside a JWT, while
            the OAuth token response itself carries expires_in. Confirm which
            of the two the client reads for this mapping. -->
        <entry>
            <key>access-token-expires-in</key>
            <value>exp</value>
        </entry>
        <entry>
            <key>id-token</key>
            <value>id_token</value>
        </entry>
        <!-- preferred_username is a mutable, human-readable claim that
            Microsoft documents as unsuitable for authorization decisions.
            Verify how the resulting username is used downstream. -->
        <entry>
            <key>username</key>
            <value>preferred_username</value>
        </entry>
    </accessTokenResponseMaps>
</pluginOAuthConfig>