https://community.databricks.com/t5/administration-architecture/native-service-principal-support-in-jdbc-odbc-drivers/m-p/67003#M1090 <P><a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/83912">@harripy</a>&nbsp;</P><P>As it says in the documentation,&nbsp;</P><LI-CODE lang="markup">JDBC driver 2.6.36 and above supports Azure Databricks OAuth secrets for OAuth M2M or OAuth 2.0 client credentials authentication. Microsoft Entra ID secrets are not supported.</LI-CODE><BLOCKQUOTE><HR /><HR /></BLOCKQUOTE><P><A href="https://learn.microsoft.com/en-us/azure/databricks/integrations/jdbc/authentication#--oauth-machine-to-machine-m2m-authentication" target="_blank">https://learn.microsoft.com/en-us/azure/databricks/integrations/jdbc/authentication#--oauth-machine-to-machine-m2m-authentication</A></P> Tue, 23 Apr 2024 06:49:03 GMT daniel_sahal 2024-04-23T06:49:03Z https://community.databricks.com/t5/administration-architecture/native-service-principal-support-in-jdbc-odbc-drivers/m-p/67000#M1088 <P>Read from Databricks integration best practises about the native support for Service Principal authentication on JDBC/ODBC drivers. The timetable mentioned for this was "expected to land in 2023", is this referring to the&nbsp;<A href="https://docs.databricks.com/en/integrations/jdbc/authentication.html#oauth-machine-to-machine-m2m-authentication" target="_blank" rel="noopener">https://docs.databricks.com/en/integrations/jdbc/authentication.html#oauth-machine-to-machine-m2m-authentication</A>&nbsp;- section of the authentication documentation?<BR />The example shows parameters:</P><PRE><SPAN class="">String</SPAN> <SPAN class="">url</SPAN> <SPAN class="">=</SPAN> <SPAN class="">"jdbc:databricks://&lt;server-hostname&gt;:443"</SPAN><SPAN class="">;</SPAN> <SPAN class="">Properties</SPAN> <SPAN class="">p</SPAN> <SPAN class="">=</SPAN> <SPAN class="">new</SPAN> <SPAN class="">java</SPAN><SPAN class="">.</SPAN><SPAN class="">util</SPAN><SPAN class="">.</SPAN><SPAN class="">Properties</SPAN><SPAN class="">();</SPAN> <SPAN class="">p</SPAN><SPAN class="">.</SPAN><SPAN class="">put</SPAN><SPAN class="">(</SPAN><SPAN class="">"httpPath"</SPAN><SPAN class="">,</SPAN> <SPAN class="">"&lt;http-path&gt;"</SPAN><SPAN class="">);</SPAN> <SPAN class="">p</SPAN><SPAN class="">.</SPAN><SPAN class="">put</SPAN><SPAN class="">(</SPAN><SPAN class="">"AuthMech"</SPAN><SPAN class="">,</SPAN> <SPAN class="">"11"</SPAN><SPAN class="">);</SPAN> <SPAN class="">p</SPAN><SPAN class="">.</SPAN><SPAN class="">put</SPAN><SPAN class="">(</SPAN><SPAN class="">"Auth_Flow"</SPAN><SPAN class="">,</SPAN> <SPAN class="">"1"</SPAN><SPAN class="">);</SPAN> <SPAN class="">p</SPAN><SPAN class="">.</SPAN><SPAN class="">put</SPAN><SPAN class="">(</SPAN><SPAN class="">"OAuth2ClientId"</SPAN><SPAN class="">,</SPAN> <SPAN class="">"&lt;service-principal-application-id&gt;"</SPAN><SPAN class="">);</SPAN> <SPAN class="">p</SPAN><SPAN class="">.</SPAN><SPAN class="">put</SPAN><SPAN class="">(</SPAN><SPAN class="">"OAuth2Secret"</SPAN><SPAN class="">,</SPAN> <SPAN class="">"&lt;service-principal-oauth-secret&gt;"</SPAN><SPAN class="">);</SPAN></PRE><P>So assumably this works with Databricks Service Principals (on AWS), but does this function also in Azure with EntraID Service Principals? (at least the Tenant ID should be somehow provided still)</P> Tue, 23 Apr 2024 06:41:09 GMT https://community.databricks.com/t5/administration-architecture/native-service-principal-support-in-jdbc-odbc-drivers/m-p/67000#M1088 harripy 2024-04-23T06:41:09Z https://community.databricks.com/t5/administration-architecture/native-service-principal-support-in-jdbc-odbc-drivers/m-p/67003#M1090 <P><a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/83912">@harripy</a>&nbsp;</P><P>As it says in the documentation,&nbsp;</P><LI-CODE lang="markup">JDBC driver 2.6.36 and above supports Azure Databricks OAuth secrets for OAuth M2M or OAuth 2.0 client credentials authentication. Microsoft Entra ID secrets are not supported.</LI-CODE><BLOCKQUOTE><HR /><HR /></BLOCKQUOTE><P><A href="https://learn.microsoft.com/en-us/azure/databricks/integrations/jdbc/authentication#--oauth-machine-to-machine-m2m-authentication" target="_blank">https://learn.microsoft.com/en-us/azure/databricks/integrations/jdbc/authentication#--oauth-machine-to-machine-m2m-authentication</A></P> Tue, 23 Apr 2024 06:49:03 GMT https://community.databricks.com/t5/administration-architecture/native-service-principal-support-in-jdbc-odbc-drivers/m-p/67003#M1090 daniel_sahal 2024-04-23T06:49:03Z https://community.databricks.com/t5/administration-architecture/native-service-principal-support-in-jdbc-odbc-drivers/m-p/67067#M1097 <P>Thanks for pointing this out, so indeed the OAuth M2M should be executed only with Databricks Service Principals.</P><P>Interestingly, I found out that on Azure Databricks SQL Warehouse Permissions can not be set (at least not through GUI) for a Databricks Service Principal (the SP can not be found on the Permissions menu), so this rules out this possibility to utilise this connection method as "Can Use/Can Manage" permissions can not be given for the Databricks SP. Or is there another way to provide this?<BR /><BR /></P> Tue, 23 Apr 2024 13:44:50 GMT https://community.databricks.com/t5/administration-architecture/native-service-principal-support-in-jdbc-odbc-drivers/m-p/67067#M1097 harripy 2024-04-23T13:44:50Z