cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
Help
Community Platform Discussions
Connect with fellow community members to discuss general topics related to the Databricks platform, industry trends, and best practices. Share experiences, ask questions, and foster collaboration within the community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

How to change the OAuth token lifetime and the maximum number of OAuth tokens

minhngc4795
New Contributor II

ā€Ž08-12-2024 07:11 PM

Hi team,

Iā€™m working on generating an OAuth token using a service principal, following the instructions here: https://docs.databricks.com/en/dev-tools/auth/oauth-m2m.html#language-CLI, specifically the section on manually generating a workspace-level access token with the API (https://<databricks-instance>/oidc/v1/token).

However, I've encountered two issues:

  1. Iā€™m unable to customize the token expiration time. Iā€™ve tried parameters like lifetime_seconds and expires_in, but they donā€™t seem to work. Could you clarify the correct parameter to use for setting a custom token lifetime?

  2. If the token expiration is indeed fixed at 1 hour, what is the maximum number of OAuth tokens that can be generated within my workspace or account? (within 1 hour or 1 day)

Thanks in advance for your help!

0 Kudos
5 REPLIES 5

szymon_dybczak
Contributor

ā€Ž08-12-2024 08:38 PM

Hi @minhngc4795 ,

You can use below REST API endpoint to do that: 

https://docs.databricks.com/api/workspace/tokenmanagement/createobotoken

More info you can find at below article: 

https://kb.databricks.com/security/set-an-unlimited-lifetime-for-service-principal-access-token

0 Kudos

minhngc4795
New Contributor II
In response to szymon_dybczak

ā€Ž08-12-2024 10:01 PM

Thank you for your reply @szymon_dybczak 

However, I can't use those APIs with my current state. So I followed the website, and got only the Client ID (Application ID) and Client Secret for the Workspace level access.

Try to reproduce your link but not works for me. Non Authorization for Client ID + Client Secret 

0 Kudos

szymon_dybczak
Contributor
In response to minhngc4795

ā€Ž08-12-2024 11:43 PM

Hi, 

But why can't you use these APIs? To make it work your service principal needs to be added to your databricks workkspace and be added to admins group.There is no other way to change Oauth token liftetime than using this API

Kaniz_Fatma
Community Manager
Community Manager

ā€Ž08-14-2024 12:55 AM

Hi @minhngc4795, Thanks for reaching out! Please review the responses and let us know which best addresses your question. Your feedback is valuable to us and the community. If the response resolves your issue, kindly mark it as the accepted solution. This will help close the thread and assist others with similar queries. We appreciate your participation and are here if you need further assistance!

0 Kudos

minhngc4795
New Contributor II

4 weeks ago

Thank you for your reply @szymon_dybczak 

service principal added to admins group: This is the problem @szymon_dybczak, we don't want that service principal to get the admin privilege, it should have access to some tables/schemas in our workspace but not all of them.

0 Kudos

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonā€™t want to miss the chance to attend and share knowledge.

If there isnā€™t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements