Use OAuth2 if externalAuthentication is present in connection url

After this change if 'externalAuthentication' is passed as a parameter on the connection url we automatically set `http_schema` to `http` and use `OAuth2Authentication`.
trinodb · Sep 22, 2023 · d9d46b0 · d9d46b0
1 parent 0584c93
commit d9d46b0
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 2 deletions.
diff --git a/tests/unit/sqlalchemy/test_dialect.py b/tests/unit/sqlalchemy/test_dialect.py
@@ -4,7 +4,7 @@
 import pytest
 from sqlalchemy.engine.url import URL, make_url
 
-from trino.auth import BasicAuthentication
+from trino.auth import BasicAuthentication, OAuth2Authentication
 from trino.dbapi import Connection
 from trino.sqlalchemy import URL as trino_url
 from trino.sqlalchemy.dialect import (
@@ -296,3 +296,12 @@ def test_trino_connection_certificate_auth():
     assert isinstance(cparams['auth'], CertificateAuthentication)
     assert cparams['auth']._cert == cert
     assert cparams['auth']._key == key
+
+
+def test_trino_connection_oauth2_auth():
+    dialect = TrinoDialect()
+    url = make_url('trino://host/?externalAuthentication=true')
+    _, cparams = dialect.create_connect_args(url)
+
+    assert cparams['http_scheme'] == "https"
+    assert isinstance(cparams['auth'], OAuth2Authentication)
diff --git a/trino/sqlalchemy/dialect.py b/trino/sqlalchemy/dialect.py
@@ -22,7 +22,12 @@
 
 from trino import dbapi as trino_dbapi
 from trino import logging
-from trino.auth import BasicAuthentication, CertificateAuthentication, JWTAuthentication
+from trino.auth import (
+    BasicAuthentication,
+    CertificateAuthentication,
+    JWTAuthentication,
+    OAuth2Authentication,
+)
 from trino.dbapi import Cursor
 from trino.sqlalchemy import compiler, datatype, error
 
@@ -113,6 +118,10 @@ def create_connect_args(self, url: URL) -> Tuple[Sequence[Any], Mapping[str, Any
             kwargs["http_scheme"] = "https"
             kwargs["auth"] = CertificateAuthentication(unquote_plus(url.query['cert']), unquote_plus(url.query['key']))
 
+        if "externalAuthentication" in url.query:
+            kwargs["http_scheme"] = "https"
+            kwargs["auth"] = OAuth2Authentication()
+
         if "source" in url.query:
             kwargs["source"] = unquote_plus(url.query["source"])
         else: