25 OCI-C Driver Support for Microsoft Entra ID Client Credential Flow

This topic explains the new session attributes introduced in OCI-C driver that supports token acquisition from Microsoft Entra ID by directly accepting identity configuration parameters in constrained database environments.

New session attributes are introduced that enable the Oracle Call Interface C driver to acquire access tokens from Microsoft Entra ID by accepting identity configuration parameters directly.

The OCI Client driver is extended to accept the following key identity inputs (client credentials):

• Tenant ID
• Client ID
• Client Secret
• Application ID URI

See OCI Attributes to Obtain MS EI Access Tokens for details on the new attributes with the API interface information.

Using the above information, the driver constructs and sends a secure HTTPS POST request to the Microsoft Entra token endpoint, following the OAuth 2.0 client credentials grant flow. Upon successful retrieval of an access token, the driver stores the token internally, and uses it proceed with the authentication handshake against the Oracle AI Database.

This enhanced capability is especially useful in constrained environments, where customers may lack access to Oracle wallets, or, be unable to configure connect string properties. For customers that are unable to facilitate a wallet with client secret included, this enhancement enables the OCI client driver to directly acquire the access token for DB login as part of the client credential flow.

This end-to-end workflow allows applications to authenticate securely and programmatically by internally calling the Microsoft Entra ID endpoints, without depending on external wallet files, or, pre-generated tokens; thereby, improving automation, cloud compatibility, and developer flexibility in enterprise and hybrid environments.