[FEATURE] Accept oauth secret as password

[kaklakariada]

Is your feature request related to a problem? Please describe.
When using OAuth Client Credentials (Machine-to-Machine), the JDBC driver requires putting the oauth secret into the JDBC URL:

AuthMech=11;Auth_Flow=1;OAuth2ClientId=<client_id>;OAuth2Secret=<client_secret>

Depending on the application, the JDBC URL (and the secret) might be revealed e.g. in log files.

Describe the solution you'd like
Update the JDBC driver to accept the OAuth secret as password (and maybe the client ID as username). This way, the OAuth secret will not be revealed in log files.

Describe alternatives or workarounds you've considered
Using DriverManager.getConnection(String url, Properties info) and specifying the secret in the info properties.

But this is not possible when the application only uses DriverManager.getConnection(String url, String user, String password).

Additional Context
When using tokens, you can use getConnection(url, "token", "<your_token>"). Maybe a similar mechanism could be implemented also for M2M Oauth.

[gopalldb]

We will look into this

[gopalldb]

I did a code audit, and found that we are not logging the Url or properties anywhere. We are further adding a redactor to further sanitize the Url: #1136

We do support properties, thus [DriverManager.getConnection(String url, Properties info)](https://docs.oracle.com/en/java/javase/17/docs/api/java.sql/java/sql/DriverManager.html#getConnection(java.lang.String,java.util.Properties)) is supported.

But since you asked to support ClientSecret from password param in DriverManager.getConnection(String url, String user, String password), we will look into that as that deviates from our own published spec.

[antonireus]

The problem it's not the driver itself logging the URL, but any tool that uses JDBC drivers.

Take for example using a tool like DBeaver and creating a connection to Databricks. These tools take care of course of handling properly the password field, but they don't take the same care for the JDBC URL or the driver properties, so in the UI of these tools they are displayed in clear text.

This is an example screenshot of DBeaver UI, when hovering over a defined Databricks connection using a URL with OAuth, the whole JDBC URL is displayed in clear text

[github-actions]

This issue has been marked as Stale because it has been open for 30 days with no activity. If you would like the issue to remain open, please remove the stale label or comment on the issue.

[antonireus]

Please address this issue, it prevents using the Databricks JDBC driver with OAuth securely in database tools like DBeaver

[github-actions]

This issue has been marked as Stale because it has been open for 30 days with no activity. If you would like the issue to remain open, please remove the stale label or comment on the issue.

[antonireus]

This is still an issue

[gopalldb]

Will plan for handling this