cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Administration & Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Native service principal support in JDBC/ODBC drivers

Go to solution
harripy
New Contributor III

2 weeks ago

Read from Databricks integration best practises about the native support for Service Principal authentication on JDBC/ODBC drivers. The timetable mentioned for this was "expected to land in 2023", is this referring to the https://docs.databricks.com/en/integrations/jdbc/authentication.html#oauth-machine-to-machine-m2m-au... - section of the authentication documentation?
The example shows parameters:

String url = "jdbc:databricks://<server-hostname>:443";
Properties p = new java.util.Properties();
p.put("httpPath", "<http-path>");
p.put("AuthMech", "11");
p.put("Auth_Flow", "1");
p.put("OAuth2ClientId", "<service-principal-application-id>");
p.put("OAuth2Secret", "<service-principal-oauth-secret>");

So assumably this works with Databricks Service Principals (on AWS), but does this function also in Azure with EntraID Service Principals? (at least the Tenant ID should be somehow provided still)

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
daniel_sahal
Esteemed Contributor

2 weeks ago

@harripy 

As it says in the documentation, 

JDBC driver 2.6.36 and above supports Azure Databricks OAuth secrets for OAuth M2M or OAuth 2.0 client credentials authentication. Microsoft Entra ID secrets are not supported.

https://learn.microsoft.com/en-us/azure/databricks/integrations/jdbc/authentication#--oauth-machine-...

View solution in original post

2 REPLIES 2

Go to solution
daniel_sahal
Esteemed Contributor

2 weeks ago

@harripy 

As it says in the documentation, 

JDBC driver 2.6.36 and above supports Azure Databricks OAuth secrets for OAuth M2M or OAuth 2.0 client credentials authentication. Microsoft Entra ID secrets are not supported.

https://learn.microsoft.com/en-us/azure/databricks/integrations/jdbc/authentication#--oauth-machine-...

Go to solution
harripy
New Contributor III
In response to daniel_sahal

2 weeks ago

Thanks for pointing this out, so indeed the OAuth M2M should be executed only with Databricks Service Principals.

Interestingly, I found out that on Azure Databricks SQL Warehouse Permissions can not be set (at least not through GUI) for a Databricks Service Principal (the SP can not be found on the Permissions menu), so this rules out this possibility to utilise this connection method as "Can Use/Can Manage" permissions can not be given for the Databricks SP. Or is there another way to provide this?

0 Kudos
Announcements
Welcome to Databricks Community: Lets learn, network and celebrate together

Join our fast-growing data practitioner and expert community of 80K+ members, ready to discover, help and collaborate together while making meaningful connections. 

Click here to register and join today! 

Engage in exciting technical discussions, join a group with your peers and meet our Featured Members.