starred/cloudbeaver
1
0
Fork 0
mirror of https://github.com/dbeaver/cloudbeaver.git synced 2026-04-25 05:36:14 +03:00
Code Issues 212 Projects Releases Packages Wiki Activity

[GH-ISSUE #3786] CloudBeaver - Pass Entra ID OIDC token into Athena connection string #1324

New issue
Open
opened 2026-03-07 21:02:27 +03:00 by kerem · 4 comments
kerem commented 2026-03-07 21:02:27 +03:00
Owner
Copy link

Originally created by @jwrightz on GitHub (Sep 27, 2025).
Original GitHub issue: https://github.com/dbeaver/cloudbeaver/issues/3786

AWS released an Athena JDBC driver that supports Trusted Identity Propagation.

Is it possible to pass the OIDC token used to log in to CloudBeaver, which I have integrated with Microsoft Entra ID, into the Athena connection string or driver property?

Originally created by @jwrightz on GitHub (Sep 27, 2025). Original GitHub issue: https://github.com/dbeaver/cloudbeaver/issues/3786 AWS released an Athena JDBC driver that supports [Trusted Identity Propagation](https://docs.aws.amazon.com/athena/latest/ug/using-trusted-identity-propagation.html). Is it possible to pass the OIDC token used to log in to CloudBeaver, which I have integrated with Microsoft Entra ID, into the Athena connection string or driver property?
kerem commented 2026-03-07 21:02:28 +03:00
Author
Owner
Copy link

@dariamarutkina commented on GitHub (Sep 29, 2025):

Hello, @jwrightz !

Could you please let us know if you are using the Community Edition or the Enterprise/Pro version?

<!-- gh-comment-id:3346845437 --> @dariamarutkina commented on GitHub (Sep 29, 2025): Hello, @jwrightz ! Could you please let us know if you are using the Community Edition or the Enterprise/Pro version?
kerem commented 2026-03-07 21:02:28 +03:00
Author
Owner
Copy link

@jwrightz commented on GitHub (Sep 29, 2025):

Hi, @dariamarutkina

I'm using the CloudBeaver AWS Server version 25.2.0.202509081004

<!-- gh-comment-id:3347098449 --> @jwrightz commented on GitHub (Sep 29, 2025): Hi, @dariamarutkina I'm using the CloudBeaver AWS Server version 25.2.0.202509081004
kerem commented 2026-03-07 21:02:28 +03:00
Author
Owner
Copy link

@dariamarutkina commented on GitHub (Sep 29, 2025):

Thank you for your reply! 🙏

Please contact our support team:

<!-- gh-comment-id:3347486440 --> @dariamarutkina commented on GitHub (Sep 29, 2025): Thank you for your reply! 🙏 Please contact our support team: - If you already have an account, create a ticket here: https://dbeaver.com/profile/_username_/tickets - If you don’t have an account, please use this form: https://dbeaver.com/support/
kerem commented 2026-03-07 21:02:28 +03:00
Author
Owner
Copy link

@jwrightz commented on GitHub (Sep 29, 2025):

Thanks @dariamarutkina. I've reached out to the support team.

As additional context, I've read the following documentation which describes using Athena with Trusted Identity Propagation with DBeaver. https://docs.aws.amazon.com/athena/latest/ug/using-trusted-identity-propagation-setup.html#using-trusted-identity-propagation-step6

The documentation provides an example connection string: jdbc:athena://Workgroup=;Region=;OutputLocation=;CredentialsProvider=JWT_TIP;ApplicationRoleArn=;WorkgroupArn=;JwtRoleSessionName=JDBC_TIP_SESSION;JwtWebIdentityToken=;

My question is specific to the last parameter: JwtWebIdentityToken=. Is it possible to pass the token used to sign into CloudBeaver into that connection string?

<!-- gh-comment-id:3347917534 --> @jwrightz commented on GitHub (Sep 29, 2025): Thanks @dariamarutkina. I've reached out to the support team. As additional context, I've read the following documentation which describes using Athena with Trusted Identity Propagation with DBeaver. https://docs.aws.amazon.com/athena/latest/ug/using-trusted-identity-propagation-setup.html#using-trusted-identity-propagation-step6 The documentation provides an example connection string: jdbc:athena://Workgroup=<value>;Region=<region>;OutputLocation=<location>;CredentialsProvider=JWT_TIP;ApplicationRoleArn=<arn>;WorkgroupArn=<arn>;JwtRoleSessionName=JDBC_TIP_SESSION;JwtWebIdentityToken=<token>; My question is specific to the last parameter: JwtWebIdentityToken=<token>. Is it possible to pass the token used to sign into CloudBeaver into that connection string?
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
devel
dbeaver/cloudbeaver#4120-support-token-header
dbeaver/pro#8978-advanced-paste
dbeaver/pro#5680-add-generation-rest-api-for-te
8961-cb-checkboxes-are-not-clickable-in-main-toolbar-dropdown-menu
dbeaver/pro#9047-cb-explain-execution-plan-ai
8328-cb-sql-query-generation-add-settings-for-the-generated-sql-window
8473-ai-confirmation
8107-cb-increase-the-contrast-of-some-elements
dbeaver/cloudbeaver#4249-session-id-rotation
dbeaver/pro#8234-udbt-only-for-admins
dbeaver/pro#9061-NPE-on-starting-RM-and-QM-applications
dbeaver/pro#8707-remove-folder-feature
dbeaver/pro#8766-migrate-to-junit5
dbeaver/pro#8711-sql-executation-plan-improvments
9048-cb-deadlock
release_26_0_3
dbeaver/pro#8044-add-api-for-database-user-preference
8839-entraid-not-working-from-within-myappsmicrosoftcom
8559-te-launch-redesign
8670-cb-multi-paste-support-in-data-editor-3
8943-cb-bump-npm-dependencies
dbeaver/pro#8655-cb-ai-functions-support
dbeaver/pro#8746-oauth
dbeaver/pro#8824-Unify-file-lock-handling-for-local-and-shared-fs
7912-db-oauth-in-te
dbeaver/pro#4158-tree-advanced-filter
dbeaver/dbeaver-devops#1604-non-root-user-25-2
dbeaver/pro#5124-fix-case-insensetive-username-in-import
3815-ctrl-z-is-unstable-lib-523-version
8894-ai-assistant-cache
dbeaver/pro#8896-Remove-added-h2_server_v3
release_26_0_2
dbeaver/pro#8392-Add-H2-driver-with-the-newest-version
8065-lsp-front-end
release_26_0_1
dbeaver/pro#7844-cb-lsp-server
dbeaver/pro#7530-csp-protection
release_26_0_0
release_25_3_5
release_25_3_4
release_25_3_3
7953-cb-ability-to-pin-rows-in-the-data-editor
devops-2221-base-java-repo
7923-cb-ws-events-are-misconfigured
release_25_3_2
release_25_3_1
release_25_3_0
release_25_2_5
dbeaver/pro#5267/auth-providers-refactoring
dbeaver/pro#6364-add-option-to-set-default-view-for-project
release_25_2_4
dbeaver/pro#5476-task-scheduler-refactor
release_25_2_3
7128-remove-deprecated-api
release_25_2_0
release_25_2_1
release_25_2_2
4569-cb-3681-use-something-better-than-md5-hash-to-pass-local-user-passwords
dbeaver/dbeaver-devops#1604-non-root-user-without-user-in-image
dbeaver/pro#6976-logging-poc
dbeaver/pro#6324-cursor-sync
dbeaver/pro#5630-add-cache-for-queries
dbeaver/pro#5574/fix/multi-query-vqb
dbeaver/pro#5802/feat/table-api
5664-cb-vscode-value-panel-support-text-format
CB-6291-build-local-script-do-not-clone-all-required-repos-for-successful-build
4288-core-fix-critical-cve-2022-0839-and-cve-2022-0839-in-liquibase-bundle
3944-model-data
4207-core-duplicate-cb-session-id-in-dc-side
chore/update-vite-assets-plugin
25.1.5
25.1.4
25.1.3
25.1.2
25.1.1
25.1.0
25.0.5
25.0.4
25.0.3
25.0.2
25.0.1
25.0.0
24.3.5
24.3.4
24.3.3
24.3.2
24.3.0
24.3.1
24.2.5
24.2.4
24.2.3
24.2.2
24.2.1
24.2.0
24.1.5
24.1.4
24.1.3
24.1.2
24.1.0
24.1.1
24.0.5
24.0.4
24.0.3
24.0.2
24.0.1
24.0.0
23.3.5
23.3.4
23.3.3
23.3.2
23.3.1
23.3.0
23.2.5
23.2.4
23.2.3
23.2.2
23.2.1
23.2.0
23.1.5
23.1.4
23.1.3
23.1.2
23.1.1
v23.1.0
v23_0_5
21.3.3
21.2.4
1.2.0
1.1.0
1.0.4
1.0.3
1.0.1b
1.0.2
1.0.1
1.0.0
Labels
Clear labels   
AS

   
can't reproduce

   
can't reproduce

   
deployment

   
development

   
documentation

   
duplicate

   
duplicate

   
ee

   
enhancement

   
external

   
new driver

   
performance

   
pull-request

Mirrored from GitHub Pull Request

  
third party issue

   
wait for response

   
wait for review

   
wontfix

   
x:Oracle

   
x:cassandra

   
x:clickhouse

   
x:db2

   
x:duckdb

   
x:greenplum

   
x:h2

   
x:h2gis

   
x:hana

   
x:hive

   
x:intersystems

   
x:kyuubi

   
x:maria

   
x:mongo

   
x:mysql

   
x:postgresql

   
x:presto

   
x:sql server

   
x:sqlite

   
x:teradata

   
x:trino

   
xf:accessibility

   
xf:administration

   
xf:ai

   
xf:authentication

   
xf:aws

   
xf:commit-mode

   
xf:connection

   
xf:dark theme

   
xf:data editor

   
xf:datatransfer

   
xf:dba

   
xf:driver management

   
xf:erd

   
xf:filters

   
xf:i18n

   
xf:i18n

   
xf:installer

   
xf:json

   
xf:kerberos

   
xf:ldap

   
xf:local config

   
xf:log viewer

   
xf:metadata

   
xf:metadata editor

   
xf:navigator

   
xf:okta

   
xf:query manager

   
xf:resource manager

   
xf:scripts

   
xf:sql editor

   
xf:tasks

   
xf:ui/uix

   
xo: Firefox

   
xo:eclipse

   
xo:internet explorer

   
xo:macos

   
xp:major

   
xrn:internal
No labels
AS
can't reproduce
can't reproduce
deployment
development
documentation
duplicate
duplicate
ee
enhancement
external
new driver
performance
pull-request
third party issue
wait for response
wait for review
wontfix
x:Oracle
x:cassandra
x:clickhouse
x:db2
x:duckdb
x:greenplum
x:h2
x:h2gis
x:hana
x:hive
x:intersystems
x:kyuubi
x:maria
x:mongo
x:mysql
x:postgresql
x:presto
x:sql server
x:sqlite
x:teradata
x:trino
xf:accessibility
xf:administration
xf:ai
xf:authentication
xf:aws
xf:commit-mode
xf:connection
xf:dark theme
xf:data editor
xf:datatransfer
xf:dba
xf:driver management
xf:erd
xf:filters
xf:i18n
xf:i18n
xf:installer
xf:json
xf:kerberos
xf:ldap
xf:local config
xf:log viewer
xf:metadata
xf:metadata editor
xf:navigator
xf:okta
xf:query manager
xf:resource manager
xf:scripts
xf:sql editor
xf:tasks
xf:ui/uix
xo: Firefox
xo:eclipse
xo:internet explorer
xo:macos
xp:major
xrn:internal
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/cloudbeaver#1324
No description provided.