Databricks Community

marchino · ‎07-26-2023

Hi,

since I have to read from a Databricks table from an external API I created a Service Principal that would start a cluster and perform the operation, to authenticate the request on behalf of the Service Principal I generate the OAuth token following a Databricks guide (https://docs.gcp.databricks.com/dev-tools/authentication-google-id.html) but I see that the token expires in 1 hour, how can I change that?

Thank you

marchino · ‎07-26-2023

Hi @Retired_mod ,

thank you for your answer, but even though I made the request including in the POST's body the parameter "lifetime_seconds" with value 86400 it still returns me a token with a lifetime of 3600.

What could be the problem? In addition to that I'm not seeing any reference to the "lifetime_seconds" parameter in the link you posted, thank you again for your support!

NandiniN · ‎07-27-2023

Hello @marchino

Based on the document https://docs.databricks.com/dev-tools/authentication-oauth.htmlThe access token will expire in one hour. You must request a new OAuth access token after the expiration. Personal Access Token is good until it expires but the service principal has to request a session token once an hour. Personal Access Tokens for users can be generated with any expiration date, including an indefinite lifetime, but Personal Access Tokens for service principals typically expire within one hour. This is because service principals are recommended for use with automated tools, systems, scripts, and apps, and it is considered a security best practice to have tokens that expire frequently to reduce the risk of unauthorized access.