07-03-2025 10:49 AM
Dear all
Has anyone tried OAuth token federation for authentication with Databricks REST APIs?
Appreciate it if there is a reusable code snippet to achieve the same.
07-03-2025 12:46 PM
Documentation says: "An account federation policy enables all users and service principals in your Azure Databricks account to access Databricks APIs using tokens from your identity provider." But in the examples that are provided, I do not see what the subject claim should be for a service principal. For an interactive user, it seems it could be user@mycompany.com:

```
issuer: "https://idp.mycompany.com/oidc"
audiences: ["2ff814a6-3304-4ab8-85cb-cd0e6f879c1d"]
subject_claim: "preferred_username"
```
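To see which token claims a federation policy like the one in the post above keys on, this added example (not code from the thread or from Databricks) decodes constructed sample tokens offline and checks them against the policy fields. The token contents, helper names and matching logic are assumptions; the `/oidc/v1/token` endpoint and `all-apis` scope named in `exchange_form` come from Databricks' token federation documentation, not from this page.

```python
import base64
import json

# Policy fields copied from the post above.
POLICY = {"issuer": "https://idp.mycompany.com/oidc",
          "audiences": ["2ff814a6-3304-4ab8-85cb-cd0e6f879c1d"],
          "subject_claim": "preferred_username"}

def _enc(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_sample_jwt(claims):
    """Constructed sample token with a placeholder signature (offline use only)."""
    return ".".join([_enc({"alg": "RS256", "typ": "JWT"}), _enc(claims), "constructed-sig"])

def peek_claims(jwt):
    """Decode the payload WITHOUT verifying the signature (troubleshooting only)."""
    payload = jwt.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def policy_mismatches(claims, policy):
    """Assumed matching logic: issuer equal, audience overlap, subject claim present."""
    problems = []
    if claims.get("iss") != policy["issuer"]:
        problems.append("iss does not equal policy issuer")
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if not set(aud) & set(policy["audiences"]):
        problems.append("aud not in policy audiences")
    if not claims.get(policy["subject_claim"]):
        problems.append("claim '%s' is missing" % policy["subject_claim"])
    return problems

def exchange_form(jwt):
    """RFC 8693 form fields to POST to <workspace>/oidc/v1/token (per Databricks docs)."""
    return {
        "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
        "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
        "subject_token": jwt,
        "scope": "all-apis",
    }

# Constructed tokens: an interactive user, and a workload token carrying only `sub`.
USER_JWT = make_sample_jwt({"iss": POLICY["issuer"], "aud": POLICY["audiences"][0],
                            "preferred_username": "user@mycompany.com"})
WORKLOAD_JWT = make_sample_jwt({"iss": POLICY["issuer"], "aud": POLICY["audiences"],
                                "sub": "constructed-workload-id"})
for name, tok in (("user", USER_JWT), ("workload", WORKLOAD_JWT)):
    print(name, policy_mismatches(peek_claims(tok), POLICY) or "matches policy fields")
```

`peek_claims` skips signature verification on purpose, so use it only to inspect a token you already hold while debugging a policy, never to make an authorization decision.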
Tuesday
Hi @noorbasha534, can you please clarify your request a bit more? What exactly are you wanting to do/accomplish?
Happy to help, if I'm able to, or pull in other resources if it's beyond my personal skillset!
6 hours ago - last edited 6 hours ago
I used to generate an OAuth token for Databricks for my service principal using an Azure DevOps pipeline in this manner; see if this token (DATABRICKS_TOKEN) can help you, which you can then use in the next stages. I generate this token on the SP to authenticate towards Databricks, so when I deploy a job it should use this SP identity and not the one running on the agent:
38m ago - last edited 38m ago
@noorbasha534 Here is a sample Python code I use for getting an OAuth token from Azure Active Directory and then passing the token to the Databricks API. The prerequisite is that the SPN needs to be an admin in the workspace.

```python
import requests

# Azure AD credentials (placeholders; load the secret from a secret store, not source code)
tenant_id = 'your-tenant-id'
client_id = 'your-client-id'
client_secret = 'your-client-secret'

# Databricks workspace URL
databricks_instance = 'https://<your-databricks-instance>.azuredatabricks.net'

# The v2.0 token endpoint requires a scope for the client_credentials grant;
# this is the Azure Databricks resource ID followed by /.default
databricks_scope = '2ff814a6-3304-4ab8-85cb-cd0e6f879c1d/.default'

# Step 1: Get OAuth token from Azure AD
def get_aad_token(tenant_id, client_id, client_secret):
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    payload = {
        'grant_type': 'client_credentials',
        'client_id': client_id,
        'client_secret': client_secret,
        'scope': databricks_scope
    }
    response = requests.post(url, data=payload, timeout=30)
    response.raise_for_status()
    return response.json()['access_token']

# Step 2: Use token to call Databricks API
def call_databricks_api(token, endpoint='/api/2.0/clusters/list'):
    headers = {
        'Authorization': f'Bearer {token}'
    }
    url = f"{databricks_instance}{endpoint}"
    response = requests.get(url, headers=headers, timeout=30)
    response.raise_for_status()
    return response.json()

# Example usage
token = get_aad_token(tenant_id, client_id, client_secret)
result = call_databricks_api(token)
print(result)
```