Skip to main content

Application Authentication

Application authentication enables programmatic access to Dremio for automated workflows, integrations, and service-to-service communication. Unlike user authentication, which is designed for interactive sessions, application authentication provides secure, token-based access for applications, scripts, and third-party tools.

Application authentication is essential for:

  • API Integrations: Connecting BI tools, ETL pipelines, and custom applications.
  • Automated Workflows: Scheduled data processing and reporting tasks.
  • Service-to-Service Communication: Microservices accessing Dremio resources.
  • CI/CD Pipelines: Automated testing and deployment processes.

Dremio supports two primary application authentication methods that differ fundamentally in their authentication flow and token issuance:

MethodAuthentication FlowToken IssuerBest For
OAuth ApplicationsRedirect to Dremio login, user authenticates, redirect back with tokenOAuth access token from DremioThird-party applications, custom applications requiring standard OAuth
External Token ProvidersUser authenticates with enterprise IdP, JWT used directly with DremioJWT from your identity provider, OAuth access token from DremioEnterprise SSO environments, existing JWT infrastructure

OAuth Applications

OAuth 2.0 provides secure, standardized authorization for third-party applications. This method is ideal when you need user consent or want to integrate with applications that already support OAuth flows.

Key Features:

External Token Providers

External token providers allow you to use JSON Web Tokens (JWTs) issued by your existing OAuth server or identity provider. This approach is ideal for enterprises with established identity infrastructure.

Key Features:

  • Leverages existing identity systems
  • Supports custom claims and token validation
  • Integrates with enterprise SSO
  • Manages centralized tokens