topic Oauth Token federation in Administration & Architecture https://community.databricks.com/t5/administration-architecture/oauth-token-federation/m-p/123940#M3576 <P>Dear all</P><P>Has anyone tried oauth token federation for authentication with Databricks REST APIs?</P><P>appreciate if there is a re-usable code snippet to achieve the same.</P> Thu, 03 Jul 2025 17:49:14 GMT noorbasha534 2025-07-03T17:49:14Z Oauth Token federation https://community.databricks.com/t5/administration-architecture/oauth-token-federation/m-p/123940#M3576 <P>Dear all</P><P>Has anyone tried oauth token federation for authentication with Databricks REST APIs?</P><P>appreciate if there is a re-usable code snippet to achieve the same.</P> Thu, 03 Jul 2025 17:49:14 GMT https://community.databricks.com/t5/administration-architecture/oauth-token-federation/m-p/123940#M3576 noorbasha534 2025-07-03T17:49:14Z Re: Oauth Token federation https://community.databricks.com/t5/administration-architecture/oauth-token-federation/m-p/123944#M3577 <P><SPAN>Documentation says - '''An account federation policy enables all users and service principals in your Azure Databricks account to access Databricks APIs using tokens from your identity provider.&nbsp;'''' But, in the examples that are provided, I do not see how the subject claim should be for a service principal. For an interactive user, it seems it could be user@mycompany.com</SPAN></P><P><SPAN>issuer: "<A href="https://idp.mycompany.com/oidc" target="_blank" rel="noopener">https://idp.mycompany.com/oidc</A>"<BR />audiences: ["2ff814a6-3304-4ab8-85cb-cd0e6f879c1d"]<BR />subject_claim: "preferred_username"</SPAN></P> Thu, 03 Jul 2025 19:46:56 GMT https://community.databricks.com/t5/administration-architecture/oauth-token-federation/m-p/123944#M3577 noorbasha534 2025-07-03T19:46:56Z Re: Oauth Token federation https://community.databricks.com/t5/administration-architecture/oauth-token-federation/m-p/133412#M4130 <P>hi&nbsp;<a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/124839">@noorbasha534</a>&nbsp;, can you pleas clarify your request a bit more? What exactly are you wanting to do/accomplish?</P> <P>Happy to help, if I'm able to, or pull in other resources if it's beyond my personal skillset!</P> Wed, 01 Oct 2025 05:36:26 GMT https://community.databricks.com/t5/administration-architecture/oauth-token-federation/m-p/133412#M4130 jack_zaldivar 2025-10-01T05:36:26Z Re: Oauth Token federation https://community.databricks.com/t5/administration-architecture/oauth-token-federation/m-p/133521#M4142 <P>Hi&nbsp;<a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/124839">@noorbasha534</a>&nbsp;</P><P>I used to generate oauth token for databricks for my service principal using azure devops pipeline in this manner, see if this token can help you (<SPAN>DATABRICKS_TOKEN) which you can then use in next stages. I generate this token on sp to authenticate towards databricks so when i deploy job it should use this sp identity and not the one running on agent</SPAN>:</P><P>&nbsp;</P><DIV><DIV><SPAN>&nbsp;-&nbsp;</SPAN><SPAN>stage</SPAN><SPAN>&nbsp;:&nbsp;</SPAN><SPAN>Create_oauth_token</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>condition</SPAN><SPAN>&nbsp;:&nbsp;</SPAN><SPAN>succeeded()</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>jobs</SPAN><SPAN>&nbsp;:</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;</SPAN><SPAN>job</SPAN><SPAN>&nbsp;:&nbsp;</SPAN><SPAN>oauth_bearer_token_sp</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>steps</SPAN><SPAN>:</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;</SPAN><SPAN>script</SPAN><SPAN>:&nbsp;|</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;wget&nbsp;<A href="https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux32" target="_blank" rel="noopener">https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux32</A>&nbsp;-O&nbsp;$(Build.Repository.LocalPath)/jq</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;chmod&nbsp;+x&nbsp;$(Build.Repository.LocalPath)/jq</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>displayName</SPAN><SPAN>:&nbsp;</SPAN><SPAN>Install&nbsp;jq</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>condition</SPAN><SPAN>:&nbsp;</SPAN><SPAN>succeeded()</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;</SPAN><SPAN>script</SPAN><SPAN>:&nbsp;|</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if&nbsp;[[&nbsp;${{&nbsp;variables.env}}&nbsp;-eq&nbsp;'dev'&nbsp;]]</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;then</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>CLIENT_ID=${{&nbsp;parameters.sp_app_id_dev}}</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>CLIENT_SECRET=$SP_SECRET_DEV</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>DATABRICKS_WORKSPACE_URL=${{&nbsp;parameters.databricks_wrkspc_url_dev}}</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>elif&nbsp;[[&nbsp;${{&nbsp;variables.env}}&nbsp;-eq&nbsp;'acc'&nbsp;]]</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>then</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>CLIENT_ID=${{&nbsp;parameters.sp_app_id_acc}}</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>CLIENT_SECRET=$SP_SECRET_ACC</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>DATABRICKS_WORKSPACE_URL=${{&nbsp;parameters.databricks_wrkspc_url_acc}}</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>else</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>CLIENT_ID=${{&nbsp;parameters.sp_app_id_prd}}</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>CLIENT_SECRET=$SP_SECRET_PRD</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>DATABRICKS_WORKSPACE_URL=${{&nbsp;parameters.databricks_wrkspc_url_prd}}</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>fi</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>DATABRICKS_URL="$DATABRICKS_WORKSPACE_URL/api/2.0/token/create"</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>access_token_val=$(curl&nbsp;-X&nbsp;POST&nbsp;-H&nbsp;'Content-Type</SPAN><SPAN>:&nbsp;</SPAN><SPAN>application/x-www-form-urlencoded'&nbsp;\</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN><A href="https://login.microsoftonline.com/af73baa8-f594-4eb2-a39d-93e96cad61fc/oauth2/v2.0/token" target="_blank" rel="noopener">https://login.microsoftonline.com/af73baa8-f5xxxxxxxxxxxxxxxxxxx/oauth2/v2.0/token</A>&nbsp;\</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>-d&nbsp;"client_id=$CLIENT_ID"&nbsp;\</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>-d&nbsp;'grant_type=client_credentials'\</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>-d&nbsp;'scope=2ff814a6-3304-4ab8-85cb-cd0e6f879c1d%2F.default'&nbsp;\</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>-d&nbsp;"client_secret=$CLIENT_SECRET")</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>access_token=$(jq&nbsp;-r&nbsp;'.access_token'&nbsp;&lt;&lt;&lt;&nbsp;"$access_token_val")</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>echo&nbsp;$access_token</SPAN></DIV><BR /><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>api_response=$(curl&nbsp;-X&nbsp;POST&nbsp;$DATABRICKS_URL&nbsp;\</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>-H&nbsp;"Authorization</SPAN><SPAN>:&nbsp;</SPAN><SPAN>Bearer&nbsp;$access_token"&nbsp;\</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>-H&nbsp;"X-Databricks-Azure-SP-Management-Token:$access_token"&nbsp;\</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>-d&nbsp;'{"comment"</SPAN><SPAN>:&nbsp;</SPAN><SPAN>"pipeline&nbsp;token"}')</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>echo&nbsp;"$api_response"</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>DATABRICKS_NEW_TOKEN=$(jq&nbsp;-r&nbsp;'.token_value'&nbsp;&lt;&lt;&lt;&nbsp;"$api_response")</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>if&nbsp;[&nbsp;-z&nbsp;"${DATABRICKS_NEW_TOKEN}"&nbsp;]</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>then</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>echo&nbsp;"Token&nbsp;could&nbsp;not&nbsp;be&nbsp;created"</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>exit&nbsp;1</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>else</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>echo&nbsp;"Successfully&nbsp;created&nbsp;a&nbsp;Databricks&nbsp;Token"</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>echo&nbsp;"</SPAN><SPAN>##vso[task.setvariable&nbsp;variable=DATABRICKS_TOKEN;isOutput=true]$DATABRICKS_NEW_TOKEN"</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>echo&nbsp;"</SPAN><SPAN>##vso[task.setvariable&nbsp;variable=ACCESS_TOKEN;isOutput=true]$access_token"</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>fi</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>displayName</SPAN><SPAN>:&nbsp;</SPAN><SPAN>'Create&nbsp;oauth&nbsp;token'</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>name</SPAN><SPAN>:&nbsp;</SPAN><SPAN>oauth</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>condition</SPAN><SPAN>:&nbsp;</SPAN><SPAN>succeeded()</SPAN></DIV></DIV> Thu, 02 Oct 2025 08:29:20 GMT https://community.databricks.com/t5/administration-architecture/oauth-token-federation/m-p/133521#M4142 saurabh18cs 2025-10-02T08:29:20Z Re: Oauth Token federation https://community.databricks.com/t5/administration-architecture/oauth-token-federation/m-p/133546#M4144 <P><a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/124839">@noorbasha534</a>&nbsp; Here is a sample python code I use for getting oauth token from Azure Active Directory and then pass the token in databricks API. Prerequisite is the SPN needs to be a admin in the workspace.</P><LI-CODE lang="python">import requests # Azure AD credentials tenant_id = 'your-tenant-id' client_id = 'your-client-id' client_secret = 'your-client-secret' # Databricks workspace URL databricks_instance = 'https://&lt;your-databricks-instance&gt;.azuredatabricks.net' # Step 1: Get OAuth token from Azure AD def get_aad_token(tenant_id, client_id, client_secret): url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token" payload = { 'grant_type': 'client_credentials', 'client_id': client_id, 'client_secret': client_secret } response = requests.post(url, data=payload) response.raise_for_status() return response.json()['access_token'] # Step 2: Use token to call Databricks API def call_databricks_api(token, endpoint='/api/2.0/clusters/list'): headers = { 'Authorization': f'Bearer {token}' } url = f"{databricks_instance}{endpoint}" response = requests.get(url, headers=headers) response.raise_for_status() return response.json() # Example usage token = get_aad_token(tenant_id, client_id, client_secret) result = call_databricks_api(token) print(result)</LI-CODE><P>&nbsp;</P> Thu, 02 Oct 2025 14:08:18 GMT https://community.databricks.com/t5/administration-architecture/oauth-token-federation/m-p/133546#M4144 nayan_wylde 2025-10-02T14:08:18Z