CloudBeaver - Pass Entra ID OIDC token into Athena connection string #1000

New issue

Open

opened 2026-03-04 11:31:06 -05:00 by deekerman · 4 comments

deekerman commented

2026-03-04 11:31:06 -05:00

Owner

Originally created by @jwrightz on GitHub (Sep 27, 2025).

AWS released an Athena JDBC driver that supports Trusted Identity Propagation.

Is it possible to pass the OIDC token used to log in to CloudBeaver, which I have integrated with Microsoft Entra ID, into the Athena connection string or driver property?

Originally created by @jwrightz on GitHub (Sep 27, 2025). AWS released an Athena JDBC driver that supports [Trusted Identity Propagation](https://docs.aws.amazon.com/athena/latest/ug/using-trusted-identity-propagation.html). Is it possible to pass the OIDC token used to log in to CloudBeaver, which I have integrated with Microsoft Entra ID, into the Athena connection string or driver property?

deekerman added the

xf:aws

label

2026-03-04 11:31:06 -05:00

deekerman commented

2026-03-04 11:31:17 -05:00

Author

Owner

@dariamarutkina commented on GitHub (Sep 29, 2025):

Hello, @jwrightz !

Could you please let us know if you are using the Community Edition or the Enterprise/Pro version?

@dariamarutkina commented on GitHub (Sep 29, 2025): Hello, @jwrightz ! Could you please let us know if you are using the Community Edition or the Enterprise/Pro version?

deekerman commented

2026-03-04 11:31:27 -05:00

Author

Owner

@jwrightz commented on GitHub (Sep 29, 2025):

Hi, @dariamarutkina

I'm using the CloudBeaver AWS Server version 25.2.0.202509081004

@jwrightz commented on GitHub (Sep 29, 2025): Hi, @dariamarutkina I'm using the CloudBeaver AWS Server version 25.2.0.202509081004

deekerman commented

2026-03-04 11:31:28 -05:00

Author

Owner

@dariamarutkina commented on GitHub (Sep 29, 2025):

Thank you for your reply! 🙏

Please contact our support team:

If you already have an account, create a ticket here: https://dbeaver.com/profile/username/tickets
If you don’t have an account, please use this form: https://dbeaver.com/support/

@dariamarutkina commented on GitHub (Sep 29, 2025): Thank you for your reply! 🙏 Please contact our support team: - If you already have an account, create a ticket here: https://dbeaver.com/profile/_username_/tickets - If you don’t have an account, please use this form: https://dbeaver.com/support/

deekerman commented

2026-03-04 11:31:30 -05:00

Author

Owner

@jwrightz commented on GitHub (Sep 29, 2025):

Thanks @dariamarutkina. I've reached out to the support team.

As additional context, I've read the following documentation which describes using Athena with Trusted Identity Propagation with DBeaver. https://docs.aws.amazon.com/athena/latest/ug/using-trusted-identity-propagation-setup.html#using-trusted-identity-propagation-step6

The documentation provides an example connection string: jdbc:athena://Workgroup=;Region=;OutputLocation=;CredentialsProvider=JWT_TIP;ApplicationRoleArn=;WorkgroupArn=;JwtRoleSessionName=JDBC_TIP_SESSION;JwtWebIdentityToken=;

My question is specific to the last parameter: JwtWebIdentityToken=. Is it possible to pass the token used to sign into CloudBeaver into that connection string?

@jwrightz commented on GitHub (Sep 29, 2025): Thanks @dariamarutkina. I've reached out to the support team. As additional context, I've read the following documentation which describes using Athena with Trusted Identity Propagation with DBeaver. https://docs.aws.amazon.com/athena/latest/ug/using-trusted-identity-propagation-setup.html#using-trusted-identity-propagation-step6 The documentation provides an example connection string: jdbc:athena://Workgroup=<value>;Region=<region>;OutputLocation=<location>;CredentialsProvider=JWT_TIP;ApplicationRoleArn=<arn>;WorkgroupArn=<arn>;JwtRoleSessionName=JDBC_TIP_SESSION;JwtWebIdentityToken=<token>; My question is specific to the last parameter: JwtWebIdentityToken=<token>. Is it possible to pass the token used to sign into CloudBeaver into that connection string?