ā08-12-2024 07:11 PM
Hi team,
Iām working on generating an OAuth token using a service principal, following the instructions here: https://docs.databricks.com/en/dev-tools/auth/oauth-m2m.html#language-CLI, specifically the section on manually generating a workspace-level access token with the API (https://<databricks-instance>/oidc/v1/token).
However, I've encountered two issues:
Iām unable to customize the token expiration time. Iāve tried parameters like lifetime_seconds and expires_in, but they donāt seem to work. Could you clarify the correct parameter to use for setting a custom token lifetime?
If the token expiration is indeed fixed at 1 hour, what is the maximum number of OAuth tokens that can be generated within my workspace or account? (within 1 hour or 1 day)
Thanks in advance for your help!
ā08-12-2024 08:38 PM
Hi @minhngc4795 ,
You can use below REST API endpoint to do that:
https://docs.databricks.com/api/workspace/tokenmanagement/createobotoken
More info you can find at below article:
https://kb.databricks.com/security/set-an-unlimited-lifetime-for-service-principal-access-token
ā08-12-2024 10:01 PM
Thank you for your reply @szymon_dybczak
However, I can't use those APIs with my current state. So I followed the website, and got only the Client ID (Application ID) and Client Secret for the Workspace level access.
Try to reproduce your link but not works for me. Non Authorization for Client ID + Client Secret
ā08-12-2024 11:43 PM
Hi,
But why can't you use these APIs? To make it work your service principal needs to be added to your databricks workkspace and be added to admins group.There is no other way to change Oauth token liftetime than using this API
ā08-14-2024 12:55 AM
Hi @minhngc4795, Thanks for reaching out! Please review the responses and let us know which best addresses your question. Your feedback is valuable to us and the community. If the response resolves your issue, kindly mark it as the accepted solution. This will help close the thread and assist others with similar queries. We appreciate your participation and are here if you need further assistance!
4 weeks ago
Thank you for your reply @szymon_dybczak
service principal added to admins group: This is the problem @szymon_dybczak, we don't want that service principal to get the admin privilege, it should have access to some tables/schemas in our workspace but not all of them.
Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonāt want to miss the chance to attend and share knowledge.
If there isnāt a group near you, start one and help create a community that brings people together.
Request a New Group