Using a Google User Account

You can configure the connector to authenticate the connection with a Google user account. This authentication method uses the OAuth 2.0 access and refresh tokens associated with the user account as the credentials.

The access token is transmitted with every API call that the connector makes, and it is required for accessing BigQuery data stores. However, the access token expires after a certain amount of time and must be renewed using the refresh token. If the refresh token is stored in the DSN, the connector automatically uses it to renew access tokens when they expire.

Note:

For more information about OAuth 2.0, see "Using OAuth 2.0 to Access Google APIs" in the Google Identity Platform documentation: https://developers.google.com/identity/protocols/OAuth2.

At minimum, you need to provide the OAuth 2.0 refresh token associated with your account. The connector retrieves and uses an access token based on your specified refresh token.

• If you do not have your refresh token, see Retrieving a Refresh Token.
• If you have your refresh token, see Providing a Refresh Token.
• If you want to provide a .json key file that contains your credentials instead of providing your refresh token directly in your connection information, see Providing a Key File.

Retrieving a Refresh Token

When you authenticate your connection this way, the authentication process provides a temporary authorization code that you can exchange for an access token and a refresh token.

You can retrieve a refresh token by providing your own credentials, or by using a script that uses Simba-provided credentials.

Note:

If you use your credentials to generate a refresh token, you cannot use it in conjunction with the Simba-provided credentials. Conversely, if you use a refresh token generated with the Simba-provided credentials, it cannot be used in conjunction with your user credentials.

To configure authentication by retrieving a refresh token using Simba-provided credentials:

1. In the [INSTALL_DIR]/Tools directory, right-click get_refresh_token.sh and select Edit.
2. From the internal commented section, copy the entire authentication generator URL.
3. In a web browser, navigate to the URL you copied in the previous step.
4. Click Allow. The browser redirects you to a page with an authentication token.
5. Copy the authentication token.
6. Using a command line interface, run get_refresh_token.sh with your copied authentication token added as the argument to the script. The script generates a refresh token.

Now that you have a refresh token, see Providing a Refresh Token.

To configure user account authentication by retrieving a refresh token:

1. Obtain a refresh token based on your user account:
   1. In a web browser, navigate to the Google OAuth 2.0 Playground: https://developers.google.com/oauthplayground/.
   2. In the side panel, expand BigQuery API v2 and select the appropriate scope for the permissions that you need.

   Note:

   For information about the permissions associated with each scope, see "OAuth 2.0 Scopes for Google APIs" in the Google Identity Platform documentation: https://developers.google.com/identity/protocols/googlescopes.

   3. Click Authorize APIs.
   4. Sign in to your user account.
   5. When you are prompted to allow Google OAuth 2.0 Playground to view and manage your data in Google BigQuery, click Allow.

   The authentication process returns you to the Google OAuth 2.0 Playground, and automatically populates the Authorization Code field with an authorization code.

   6. Click Exchange Authorization Code for Tokens.

   The Refresh Token and Access Token fields are populated with the appropriate token values.

2. In your DSN or connection string, set the OAuthMechanism property to 1.
3. Set the RefreshToken property to the refresh token that you obtained from Google.
4. Set the ClientId property to your BigQuery client ID.
5. Set the ClientSecret property to the corresponding client secret.

Providing a Refresh Token

If you already have your refresh token, then you can provide the token in your connection information without going through the retrieval process described above.

To configure user account authentication by providing a refresh token:

1. Set the OAuthMechanism property to 1.
2. Set the RefreshToken property to the refresh token associated with your user account.

Providing a Key File

As an alternative to providing your refresh token directly in your connection information, you can save the token in a .json key file and then specify the path to the file in your connection information.

The file must define a JSON object of type authorized_user containing the refresh token, client ID, and client secret associated with your user account. For example, the .json key file must be written in the following format:

To configure user account authentication by providing a key file:

1. Set the OAuthMechanism property to 0.

   Note: Although this is a form of user authentication, the connector must be configured to use the service authentication mechansim (OAuthMechanism=0) in order to detect and use the key file.

2. Set the Email property to your user account email ID.
3. Set the KeyFilePath or KeyFile property to the full path to the .json key file. Alternatively, set the KeyFile property to the plain text JSON object.