cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Help
Get Started Discussions
Start your journey with Databricks by joining discussions on getting started guides, tutorials, and introductory topics. Connect with beginners and experts alike to kickstart your Databricks experience.
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

How to change the OAuth token lifetime and the maximum number of OAuth tokens

minhngc4795
New Contributor II

ā€Ž08-12-2024 07:11 PM

Hi team,

Iā€™m working on generating an OAuth token using a service principal, following the instructions here: https://docs.databricks.com/en/dev-tools/auth/oauth-m2m.html#language-CLI, specifically the section on manually generating a workspace-level access token with the API (https://<databricks-instance>/oidc/v1/token).

However, I've encountered two issues:

  1. Iā€™m unable to customize the token expiration time. Iā€™ve tried parameters like lifetime_seconds and expires_in, but they donā€™t seem to work. Could you clarify the correct parameter to use for setting a custom token lifetime?

  2. If the token expiration is indeed fixed at 1 hour, what is the maximum number of OAuth tokens that can be generated within my workspace or account? (within 1 hour or 1 day)

Thanks in advance for your help!

0 Kudos
5 REPLIES 5

szymon_dybczak
Esteemed Contributor III

ā€Ž08-12-2024 08:38 PM

Hi @minhngc4795 ,

You can use below REST API endpoint to do that: 

https://docs.databricks.com/api/workspace/tokenmanagement/createobotoken

More info you can find at below article: 

https://kb.databricks.com/security/set-an-unlimited-lifetime-for-service-principal-access-token

0 Kudos

minhngc4795
New Contributor II
In response to szymon_dybczak

ā€Ž08-12-2024 10:01 PM

Thank you for your reply @szymon_dybczak 

However, I can't use those APIs with my current state. So I followed the website, and got only the Client ID (Application ID) and Client Secret for the Workspace level access.

Try to reproduce your link but not works for me. Non Authorization for Client ID + Client Secret 

0 Kudos

szymon_dybczak
Esteemed Contributor III
In response to minhngc4795

ā€Ž08-12-2024 11:43 PM

Hi, 

But why can't you use these APIs? To make it work your service principal needs to be added to your databricks workkspace and be added to admins group.There is no other way to change Oauth token liftetime than using this API

Retired_mod
Esteemed Contributor III

ā€Ž08-14-2024 12:55 AM

Hi @minhngc4795, Thanks for reaching out! Please review the responses and let us know which best addresses your question. Your feedback is valuable to us and the community. If the response resolves your issue, kindly mark it as the accepted solution. This will help close the thread and assist others with similar queries. We appreciate your participation and are here if you need further assistance!

0 Kudos

minhngc4795
New Contributor II

ā€Ž08-22-2024 01:32 AM

Thank you for your reply @szymon_dybczak 

service principal added to admins group: This is the problem @szymon_dybczak, we don't want that service principal to get the admin privilege, it should have access to some tables/schemas in our workspace but not all of them.

0 Kudos

Join Us as a Local Community Builder!

Passionate about hosting events and connecting people? Help us grow a vibrant local communityā€”sign up today to get started!

Sign Up Now
Announcements
Top