trinodb / trino

Official repository of Trino, the distributed SQL query engine for big data, formerly known as PrestoSQL (https://trino.io)
Apache License 2.0

Does Trino support Microsoft AAD authentication with Access Token? #22430

Open kachely26 opened 3 months ago

kachely26 commented 3 months ago

Hi Trino expert,

We have an issue connecting to Trino using Microsoft AAD authentication. Since the traditional username + password is not allowed, we need to use Microsoft authentication to get an access token to connect to Trino. Is it possible?

sugibuchi commented 3 months ago

I recently created #22516 for the JDBC driver, https://github.com/trinodb/trino-python-client/issues/466 for the Python client, and https://github.com/starburstdata/dbt-trino/issues/413 for DBT.

The extensions I propose in these issues are more generic, but we have a motivation similar to yours. Our team needs to integrate Azure AD (Entra ID) based authentication in Trino.

Our goal includes authentication using managed identities. If we need to use service principals or managed identities to authenticate Trino clients, we must combine the extensions above with Trino's JWT authentication.

The current JWT authentication support in the Trino server works perfectly to authenticate clients with access tokens issued by Azure AD. However, the existing JWT authentication support on the client side (JDBC driver, Python client, and DBT adapter) is not enough to use tokens issued by Azure AD.

On the other hand, if you want to authenticate Trino clients running in local environments with AAD user accounts, Trino's OAuth2 authentication would be enough. Our team uses both.
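
As an added example (not code from this thread or from the Trino project), here is a client-side pre-flight check that inspects an Azure AD access token's claims before it is handed to a Trino client for JWT authentication. It does not verify the signature, which remains the server's job; the tenant ID, audience, and token below are constructed placeholders, and the helper names are hypothetical.

```python
import base64
import json
import time


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def preflight(token, issuer, audience, principal_field="sub", now=None):
    """List the reasons a server configured with these values would reject the token.

    issuer, audience and principal_field correspond to the Trino server settings
    http-server.authentication.jwt.required-issuer, .required-audience and
    .principal-field.
    """
    claims = jwt_claims(token)
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != issuer:
        problems.append(f"iss mismatch: {claims.get('iss')!r}")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        problems.append(f"aud mismatch: {aud!r}")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append(f"token expired or exp missing: {exp!r}")
    if not claims.get(principal_field):
        problems.append(f"missing principal claim {principal_field!r}")
    return problems


def _b64(obj) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample values: placeholder tenant, audience and unsigned token.
TENANT = "00000000-0000-0000-0000-000000000000"
ISSUER = f"https://login.microsoftonline.com/{TENANT}/v2.0"
AUDIENCE = "api://trino-example"
SAMPLE = ".".join([
    _b64({"alg": "RS256", "typ": "JWT"}),
    _b64({"iss": ISSUER, "aud": AUDIENCE, "exp": 1700003600,
          "oid": "11111111-1111-1111-1111-111111111111"}),
    "c2ln",  # dummy signature segment
])
```

An empty list from `preflight` only means the claims line up with the expected server settings; the server still has to validate the signature against the issuer's published keys.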