You can configure the driver to authenticate the connection with a Google user account. This authentication method uses the OAuth 2.0 access and refresh tokens associated with the user account as the credentials.
The access token is transmitted with every API call that the driver makes, and it is required for accessing BigQuery data stores. However, the access token expires after a certain amount of time and must be renewed using the refresh token. If the refresh token is stored in the DSN, the driver automatically uses it to renew access tokens when they expire.
For more information about OAuth 2.0, see "Using OAuth 2.0 to Access Google APIs" in the Google Identity Platform documentation: https://developers.google.com/identity/protocols/OAuth2.
At minimum, you need to provide the OAuth 2.0 refresh token associated with your account. The driver retrieves and uses an access token based on your specified refresh token.
.jsonkey file that contains your credentials instead of providing your refresh token directly in your connection information, see Providing a Key File.
When you authenticate your connection this way, the authentication process provides a temporary authorization code that you can exchange for an access token and a refresh token.
You can retrieve a refresh token by providing your own credentials, or by using a script that uses Simba-provided credentials.
If you use your credentials to generate a refresh token, you cannot use it in conjunction with the Simba-provided credentials. Conversely, if you use a refresh token generated with the Simba-provided credentials, it cannot be used in conjunction with your user credentials.
To configure authentication by retrieving a refresh token using Simba-provided credentials:
get_refresh_token.shand select Edit.
The browser redirects you to a page with an authentication token.
get_refresh_token.shwith your copied authentication token added as the argument to the script.
The script generates a refresh token.
Now that you have a refresh token, see Providing a Refresh Token.
To configure user account authentication by retrieving a refresh token:
For information about the permissions associated with each scope, see "OAuth 2.0 Scopes for Google APIs" in the Google Identity Platform documentation: https://developers.google.com/identity/protocols/googlescopes.
The authentication process returns you to the Google OAuth 2.0 Playground, and automatically populates the Authorization Code field with an authorization code.
The Refresh Token and Access Token fields are populated with the appropriate token values.
RefreshTokenproperty to the refresh token that you obtained from Google.
ClientIdproperty to your BigQuery client ID.
ClientSecretproperty to the corresponding client secret.
If you already have your refresh token, then you can provide the token in your connection information without going through the retrieval process described above.
To configure user account authentication by providing a refresh token:
RefreshTokenproperty to the refresh token associated with your user account.
As an alternative to providing your refresh token directly in your connection information, you can save the token in a
.json key file and then specify the path to the file in your connection information.
The file must define a JSON object of type
authorized_user containing the refresh token, client ID, and client secret associated with your user account. For example, the
.json key file must be written in the following format:
To configure user account authentication by providing a key file:
Although this is a form of user authentication, the driver must be configured to use the service authentication mechansim (
OAuthMechanism=0) in order to detect and use the key file.
KeyFilePathproperty to the full path to the