
At PingCAP, security is one of our core values. We always strive to support the latest security standards to ensure your high-scale, mission-critical applications are always secure. By integrating the OAuth 2.0 authorization code flow, TiDB Cloud enhances both security and usability, providing you with robust, secure access to your cloud resources.

In today’s cloud environment, OAuth (Open Authorization) is essential for secure authorization and delegation of access to resources. It allows users to grant third-party applications access to their resources without sharing their credentials. This ensures a higher level of security and control.

The OAuth 2.0 standard specifies several grant types, and TiDB Cloud currently supports two of these: Authorization Code and Device Code. Recently, we introduced TiDB Cloud OAuth with an example of the OAuth device code. Today, we’ll delve into the authorization code flow and showcase its application through a practical example.

By supporting the OAuth 2.0 authorization code flow, TiDB Cloud not only fortifies security but also improves usability, making it easier for you to manage and access your cloud resources securely and efficiently.

OAuth 2.0 Authorization Code Flow

The OAuth 2.0 authorization code grant type, also called the “authorization code flow” or “auth code flow,” is the most advanced and flexible OAuth flow. It allows both mobile and web clients to obtain tokens securely and gain access to web APIs.

TiDB Cloud OAuth Example Using Authorization Code: “TiDB Cloud Bot” on ChatGPT

We built a custom GPT named “TiDB Cloud Bot” to demonstrate the authorization code flow on TiDB Cloud.

Overview of “TiDB Cloud Bot”

We developed TiDB Cloud Bot for demo purposes. It integrates with the TiDB Cloud OAuth authorization code flow, allowing secure authorization and access to TiDB Cloud resources on behalf of a TiDB Cloud user.


Try out the OAuth Authorization Code with “TiDB Cloud Bot”

You can access the ChatGPT TiDB Cloud Bot from the ChatGPT website.


You can ask any question about your TiDB Cloud organizations, projects, and clusters. For example, “Show project list in my tidbcloud orgs” or “How many projects do I have?”


First, GPT needs your authorization to access TiDB Cloud resources. Click “Sign in with iam.tidbapi.com,” and it will send an authorization request to TiDB Cloud, which displays a sign-in page.


After successfully completing the authorization, you need to select the resource scope (organization and project) you allow GPT to access.


GPT then calls the TiDB Cloud Open API to answer your questions.


Can’t wait to try GPT to interact with TiDB Cloud? Sign up and create a cluster for free at tidbcloud.com to get started.

Summary

OAuth integration isn’t just a convenience; it’s a game-changer for TiDB Cloud security and efficiency. By supporting OAuth 2.0, including device code and authorization code flows, TiDB Cloud enables streamlined workflows, enforces granular access controls, and enhances data security through advanced authentication methods.

You can start integrating OAuth with TiDB Cloud today to unlock a smoother, more secure cloud database experience. Just submit a request to become a Cloud & Technology Partner (select “Cloud & Technology Partner” in Partner Program) and one of our experts will reach out to you.

