<?xml version="1.0" encoding="utf-8"?>
<pluginOAuthConfig>
<!-- dbclass must be trino_jdbc -->
<dbclass>trino_jdbc</dbclass>
<!-- oauthConfigId must starts with custom_ and contain only letters, numbers and underscores -->
<oauthConfigId>custom_okta</oauthConfigId>
<!-- Use the same application you created for Starburst Enterprise web UI, or create a separate one for Tableau -->
<clientIdDesktop>client_id</clientIdDesktop>
<!-- It's recommended to use OAuth 2.0 authorization code flow with PKCE, and leave clientSecretDesktop empty -->
<clientSecretDesktop></clientSecretDesktop>
<!-- The following Callback URLs must be added to Sign-in redirect URIs -->
<redirectUrisDesktop>http://localhost:55555/Callback</redirectUrisDesktop>
<redirectUrisDesktop>http://localhost:55556/Callback</redirectUrisDesktop>
<redirectUrisDesktop>http://localhost:55557/Callback</redirectUrisDesktop>
<redirectUrisDesktop>http://localhost:55558/Callback</redirectUrisDesktop>
<redirectUrisDesktop>http://localhost:55559/Callback</redirectUrisDesktop>
<!-- authUri and tokenUri are required, userInfoUri is optional -->
<authUri>https://my_okta_server.okta.com/oauth2/default/v1/authorize</authUri>
<tokenUri>https://my_okta_server.okta.com/oauth2/default/v1/token</tokenUri>
<userInfoUri></userInfoUri>
<scopes>profile</scopes>
<scopes>openid</scopes>
<scopes>offline_access</scopes>
<capabilities>
<entry>
<key>OAUTH_CAP_SUPPORTS_STATE</key>
<value>true</value>
</entry>
<entry>
<key>OAUTH_CAP_SUPPORTS_CUSTOM_DOMAIN</key>
<value>false</value>
</entry>
<entry>
<key>OAUTH_CAP_PKCE_REQUIRES_CODE_CHALLENGE_METHOD</key>
<value>true</value>
</entry>
<entry>
<key>OAUTH_CAP_REQUIRE_PKCE</key>
<value>true</value>
</entry>
<entry>
<key>OAUTH_CAP_FIXED_PORT_IN_CALLBACK_URL</key>
<value>true</value>
</entry>
<entry>
<key>OAUTH_CAP_CLIENT_SECRET_IN_URL_QUERY_PARAM</key>
<value>true</value>
</entry>
<entry>
<key>OAUTH_CAP_SUPPORTS_GET_USERINFO_FROM_ID_TOKEN</key>
<value>true</value>
</entry>
<entry>
<key>OAUTH_CAP_GET_USERNAME_USES_POST_REQUEST</key>
<value>false</value>
</entry>
</capabilities>
<accessTokenResponseMaps>
<entry>
<key>ACCESSTOKEN</key>
<value>access_token</value>
</entry>
<entry>
<key>REFRESHTOKEN</key>
<value>refresh_token</value>
</entry>
<entry>
<key>access-token-expires-in</key>
<value>exp</value>
</entry>
<entry>
<key>id-token</key>
<value>id_token</value>
</entry>
<entry>
<key>username</key>
<value>preferred_username</value>
</entry>
</accessTokenResponseMaps>
</pluginOAuthConfig>
Is the information on this page helpful?
Yes
No