This is an automated email from the ASF dual-hosted git repository.
github-bot pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/arrow-java.git
The following commit(s) were added to refs/heads/asf-site by this push:
new ae4f2966f Publish documentation
(0f8a0808fd9cf0bd22d3c6b40a2016ee724ce185)
ae4f2966f is described below
commit ae4f2966f396f9b9997d308ed5282c195bbada87
Author: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
AuthorDate: Fri Jan 23 10:01:37 2026 +0000
Publish documentation (0f8a0808fd9cf0bd22d3c6b40a2016ee724ce185)
---
main/_sources/flight_sql_jdbc_driver.rst.txt | 123 +++++++++++++++++++++++++
main/flight_sql_jdbc_driver.html | 132 +++++++++++++++++++++++++++
main/index.html | 1 +
main/searchindex.js | 2 +-
4 files changed, 257 insertions(+), 1 deletion(-)
diff --git a/main/_sources/flight_sql_jdbc_driver.rst.txt
b/main/_sources/flight_sql_jdbc_driver.rst.txt
index 180693094..4deb726b3 100644
--- a/main/_sources/flight_sql_jdbc_driver.rst.txt
+++ b/main/_sources/flight_sql_jdbc_driver.rst.txt
@@ -173,3 +173,126 @@ DriverManager#getConnection()
<https://docs.oracle.com/javase/8/docs/api/java/sql/DriverManager.html#getConnection-java.lang.String-java.lang.String-java.lang.String->`_,
the username and password supplied on the URI supercede the username and
password arguments to the function call.
+
+OAuth 2.0 Authentication
+========================
+
+The driver supports OAuth 2.0 authentication for obtaining access tokens
+from an authorization server. Two OAuth flows are currently supported:
+
+* **Client Credentials** - For service-to-service authentication where no
+ user interaction is required. The application authenticates using its own
+ credentials (client ID and client secret).
+
+* **Token Exchange** (RFC 8693) - For exchanging one token for another,
+ commonly used for federated authentication, delegation, or impersonation
+ scenarios.
+
+OAuth Connection Properties
+---------------------------
+
+The following properties configure OAuth authentication. These properties
+should be provided via the ``Properties`` object when connecting, as they
+may contain special characters that are difficult to encode in a URI.
+
+**Common OAuth Properties**
+
+.. list-table::
+ :header-rows: 1
+
+ * - Parameter
+ - Type
+ - Required
+ - Default
+ - Description
+
+ * - oauth.flow
+ - String
+ - Yes (to enable OAuth)
+ - null
+ - The OAuth grant type. Supported values: ``client_credentials``,
+ ``token_exchange``
+
+ * - oauth.tokenUri
+ - String
+ - Yes
+ - null
+ - The OAuth 2.0 token endpoint URL (e.g.,
+ ``https://auth.example.com/oauth/token``)
+
+ * - oauth.clientId
+ - String
+ - Conditional
+ - null
+ - The OAuth 2.0 client ID. Required for ``client_credentials`` flow,
+ optional for ``token_exchange``
+
+ * - oauth.clientSecret
+ - String
+ - Conditional
+ - null
+ - The OAuth 2.0 client secret. Required for ``client_credentials`` flow,
+ optional for ``token_exchange``
+
+ * - oauth.scope
+ - String
+ - No
+ - null
+ - Space-separated list of OAuth scopes to request
+
+ * - oauth.resource
+ - String
+ - No
+ - null
+ - The resource indicator for the token request (RFC 8707)
+
+**Token Exchange Properties**
+
+These properties are specific to the ``token_exchange`` flow:
+
+.. list-table::
+ :header-rows: 1
+
+ * - Parameter
+ - Type
+ - Required
+ - Default
+ - Description
+
+ * - oauth.exchange.subjectToken
+ - String
+ - Yes
+ - null
+ - The subject token to exchange (e.g., a JWT from an identity provider)
+
+ * - oauth.exchange.subjectTokenType
+ - String
+ - Yes
+ - null
+ - The token type URI of the subject token. Common values:
+ ``urn:ietf:params:oauth:token-type:access_token``,
+ ``urn:ietf:params:oauth:token-type:jwt``
+
+ * - oauth.exchange.actorToken
+ - String
+ - No
+ - null
+ - The actor token for delegation/impersonation scenarios
+
+ * - oauth.exchange.actorTokenType
+ - String
+ - No
+ - null
+ - The token type URI of the actor token
+
+ * - oauth.exchange.aud
+ - String
+ - No
+ - null
+ - The target audience for the exchanged token
+
+ * - oauth.exchange.requestedTokenType
+ - String
+ - No
+ - null
+ - The desired token type for the exchanged token
diff --git a/main/flight_sql_jdbc_driver.html b/main/flight_sql_jdbc_driver.html
index 57d4aaea4..0f379d070 100644
--- a/main/flight_sql_jdbc_driver.html
+++ b/main/flight_sql_jdbc_driver.html
@@ -412,6 +412,134 @@ DriverManager#getConnection()</a>,
the username and password supplied on the URI supercede the username and
password arguments to the function call.</p>
</section>
+<section id="oauth-2-0-authentication">
+<h2>OAuth 2.0 Authentication<a class="headerlink"
href="#oauth-2-0-authentication" title="Link to this heading">¶</a></h2>
+<p>The driver supports OAuth 2.0 authentication for obtaining access tokens
+from an authorization server. Two OAuth flows are currently supported:</p>
+<ul class="simple">
+<li><p><strong>Client Credentials</strong> - For service-to-service
authentication where no
+user interaction is required. The application authenticates using its own
+credentials (client ID and client secret).</p></li>
+<li><p><strong>Token Exchange</strong> (RFC 8693) - For exchanging one token
for another,
+commonly used for federated authentication, delegation, or impersonation
+scenarios.</p></li>
+</ul>
+<section id="oauth-connection-properties">
+<h3>OAuth Connection Properties<a class="headerlink"
href="#oauth-connection-properties" title="Link to this heading">¶</a></h3>
+<p>The following properties configure OAuth authentication. These properties
+should be provided via the <code class="docutils literal notranslate"><span
class="pre">Properties</span></code> object when connecting, as they
+may contain special characters that are difficult to encode in a URI.</p>
+<p><strong>Common OAuth Properties</strong></p>
+<div class="table-wrapper docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Parameter</p></th>
+<th class="head"><p>Type</p></th>
+<th class="head"><p>Required</p></th>
+<th class="head"><p>Default</p></th>
+<th class="head"><p>Description</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p>oauth.flow</p></td>
+<td><p>String</p></td>
+<td><p>Yes (to enable OAuth)</p></td>
+<td><p>null</p></td>
+<td><p>The OAuth grant type. Supported values: <code class="docutils literal
notranslate"><span class="pre">client_credentials</span></code>,
+<code class="docutils literal notranslate"><span
class="pre">token_exchange</span></code></p></td>
+</tr>
+<tr class="row-odd"><td><p>oauth.tokenUri</p></td>
+<td><p>String</p></td>
+<td><p>Yes</p></td>
+<td><p>null</p></td>
+<td><p>The OAuth 2.0 token endpoint URL (e.g.,
+<code class="docutils literal notranslate"><span
class="pre">https://auth.example.com/oauth/token</span></code>)</p></td>
+</tr>
+<tr class="row-even"><td><p>oauth.clientId</p></td>
+<td><p>String</p></td>
+<td><p>Conditional</p></td>
+<td><p>null</p></td>
+<td><p>The OAuth 2.0 client ID. Required for <code class="docutils literal
notranslate"><span class="pre">client_credentials</span></code> flow,
+optional for <code class="docutils literal notranslate"><span
class="pre">token_exchange</span></code></p></td>
+</tr>
+<tr class="row-odd"><td><p>oauth.clientSecret</p></td>
+<td><p>String</p></td>
+<td><p>Conditional</p></td>
+<td><p>null</p></td>
+<td><p>The OAuth 2.0 client secret. Required for <code class="docutils literal
notranslate"><span class="pre">client_credentials</span></code> flow,
+optional for <code class="docutils literal notranslate"><span
class="pre">token_exchange</span></code></p></td>
+</tr>
+<tr class="row-even"><td><p>oauth.scope</p></td>
+<td><p>String</p></td>
+<td><p>No</p></td>
+<td><p>null</p></td>
+<td><p>Space-separated list of OAuth scopes to request</p></td>
+</tr>
+<tr class="row-odd"><td><p>oauth.resource</p></td>
+<td><p>String</p></td>
+<td><p>No</p></td>
+<td><p>null</p></td>
+<td><p>The resource indicator for the token request (RFC 8707)</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+<p><strong>Token Exchange Properties</strong></p>
+<p>These properties are specific to the <code class="docutils literal
notranslate"><span class="pre">token_exchange</span></code> flow:</p>
+<div class="table-wrapper docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Parameter</p></th>
+<th class="head"><p>Type</p></th>
+<th class="head"><p>Required</p></th>
+<th class="head"><p>Default</p></th>
+<th class="head"><p>Description</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p>oauth.exchange.subjectToken</p></td>
+<td><p>String</p></td>
+<td><p>Yes</p></td>
+<td><p>null</p></td>
+<td><p>The subject token to exchange (e.g., a JWT from an identity
provider)</p></td>
+</tr>
+<tr class="row-odd"><td><p>oauth.exchange.subjectTokenType</p></td>
+<td><p>String</p></td>
+<td><p>Yes</p></td>
+<td><p>null</p></td>
+<td><p>The token type URI of the subject token. Common values:
+<code class="docutils literal notranslate"><span
class="pre">urn:ietf:params:oauth:token-type:access_token</span></code>,
+<code class="docutils literal notranslate"><span
class="pre">urn:ietf:params:oauth:token-type:jwt</span></code></p></td>
+</tr>
+<tr class="row-even"><td><p>oauth.exchange.actorToken</p></td>
+<td><p>String</p></td>
+<td><p>No</p></td>
+<td><p>null</p></td>
+<td><p>The actor token for delegation/impersonation scenarios</p></td>
+</tr>
+<tr class="row-odd"><td><p>oauth.exchange.actorTokenType</p></td>
+<td><p>String</p></td>
+<td><p>No</p></td>
+<td><p>null</p></td>
+<td><p>The token type URI of the actor token</p></td>
+</tr>
+<tr class="row-even"><td><p>oauth.exchange.aud</p></td>
+<td><p>String</p></td>
+<td><p>No</p></td>
+<td><p>null</p></td>
+<td><p>The target audience for the exchanged token</p></td>
+</tr>
+<tr class="row-odd"><td><p>oauth.exchange.requestedTokenType</p></td>
+<td><p>String</p></td>
+<td><p>No</p></td>
+<td><p>null</p></td>
+<td><p>The desired token type for the exchanged token</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</section>
+</section>
</section>
</article>
@@ -472,6 +600,10 @@ password arguments to the function call.</p>
<li><a class="reference internal" href="#">Arrow Flight SQL JDBC Driver</a><ul>
<li><a class="reference internal"
href="#installation-and-requirements">Installation and Requirements</a></li>
<li><a class="reference internal" href="#connecting-to-a-database">Connecting
to a Database</a></li>
+<li><a class="reference internal" href="#oauth-2-0-authentication">OAuth 2.0
Authentication</a><ul>
+<li><a class="reference internal" href="#oauth-connection-properties">OAuth
Connection Properties</a></li>
+</ul>
+</li>
</ul>
</li>
</ul>
diff --git a/main/index.html b/main/index.html
index 994f05505..c2fb0c06e 100644
--- a/main/index.html
+++ b/main/index.html
@@ -343,6 +343,7 @@ on the Arrow format and other language bindings see the <a
class="reference inte
<li class="toctree-l1"><a class="reference internal"
href="flight_sql_jdbc_driver.html">Arrow Flight SQL JDBC Driver</a><ul>
<li class="toctree-l2"><a class="reference internal"
href="flight_sql_jdbc_driver.html#installation-and-requirements">Installation
and Requirements</a></li>
<li class="toctree-l2"><a class="reference internal"
href="flight_sql_jdbc_driver.html#connecting-to-a-database">Connecting to a
Database</a></li>
+<li class="toctree-l2"><a class="reference internal"
href="flight_sql_jdbc_driver.html#oauth-2-0-authentication">OAuth 2.0
Authentication</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal"
href="dataset.html">Dataset</a><ul>
diff --git a/main/searchindex.js b/main/searchindex.js
index d3a972775..4023fa817 100644
--- a/main/searchindex.js
+++ b/main/searchindex.js
@@ -1 +1 @@
-Search.setIndex({"alltitles": {"Adding Services": [[6, "adding-services"]],
"Adding and removing vectors": [[18, "adding-and-removing-vectors"]],
"Allocation Details": [[13, "allocation-details"]], "Allocator Perspective":
[[13, "allocator-perspective"]], "Archery": [[3, "archery"], [3, "id4"]],
"Arrow Flight RPC": [[6, null]], "Arrow Flight SQL": [[7, null]], "Arrow Flight
SQL JDBC Driver": [[8, null]], "Arrow JDBC Adapter": [[12, null]], "Arrow Java
Modules": [[14, "id1"]], "Arrow Memo [...]
\ No newline at end of file
+Search.setIndex({"alltitles": {"Adding Services": [[6, "adding-services"]],
"Adding and removing vectors": [[18, "adding-and-removing-vectors"]],
"Allocation Details": [[13, "allocation-details"]], "Allocator Perspective":
[[13, "allocator-perspective"]], "Archery": [[3, "archery"], [3, "id4"]],
"Arrow Flight RPC": [[6, null]], "Arrow Flight SQL": [[7, null]], "Arrow Flight
SQL JDBC Driver": [[8, null]], "Arrow JDBC Adapter": [[12, null]], "Arrow Java
Modules": [[14, "id1"]], "Arrow Memo [...]
\ No newline at end of file
