The Data Provider supports OpenID Connect (OIDC) authentication via an External Browser. The OpenID Connect web site has addtional information including detailed specifications and a list of Certified Implementations.

The Data Provider launches the system/external browser for the interactive user to authenticate with the OpenID Provider (OP, a.k.a. Identity Provider) when the AuthenticationMechanism connection string property is set to EXTERNALBROWSER. The Data Provider recieves a JWT token after the user authenticates with the OP through the external browser. The Data Provider internally utilizes the JWT authentication mechansim to send the token to the SQL Engine. The Advanced SQL Engine must be setup to support JWT and it must be setup to send the OP URL and the Client-ID to the Data Provider. The Advanced SQL Engine manuals document the steps to setup the SQL Engine.

The External Browser Authentication must only be used with Desktop applications. It cannot be used in Server applications where there is no Interactive-User. JWT AuthenticationMechanism can be utilized in Server applications but the application is responsible for obtaining a JWT token from the OP.