Support custom scopes and redirectUrl for U2M OAuth flow#190
Merged
mgyucht merged 5 commits intodatabricks:mainfrom Nov 24, 2023
Merged
Support custom scopes and redirectUrl for U2M OAuth flow#190mgyucht merged 5 commits intodatabricks:mainfrom
mgyucht merged 5 commits intodatabricks:mainfrom
Conversation
mgyucht
reviewed
Nov 23, 2023
Contributor
mgyucht
left a comment
mgyucht
left a comment
There was a problem hiding this comment.
Overall seems good, but I am not sure why we would want all apps to request offline_access scope, it seems like it should be opt-in like with the /token API itself.
| sensitive = true) | ||
| private String clientSecret; | ||
|
|
||
| @ConfigAttribute(value = "scopes", env = "DATABRICKS_SCOPES", auth = "oauth", sensitive = true) |
Contributor
There was a problem hiding this comment.
Scopes are not sensitive, are they?
Contributor
Author
There was a problem hiding this comment.
Usually they are case sensitive: e.g. AzureAD/microsoft-authentication-library-for-objc#395. Not sure about Databricks handling.
Contributor
There was a problem hiding this comment.
Sensitive here means that it shouldn't be put into logs, not that it is case-sensitive.
Contributor
Author
There was a problem hiding this comment.
My bad. I misunderstood. :( Updated
| value = "redirect_url", | ||
| env = "DATABRICKS_REDIRECT_URL", | ||
| auth = "oauth", | ||
| sensitive = true) |
Contributor
There was a problem hiding this comment.
Ditto, probably not sensitive.
Contributor
Author
There was a problem hiding this comment.
Comment on lines
+123
to
+125
| } else if (!scopes.contains("offline_access")) { | ||
| scopes = new ArrayList<>(scopes); | ||
| scopes.add("offline_access"); |
Contributor
There was a problem hiding this comment.
Why should we add this always?
Contributor
Author
There was a problem hiding this comment.
Removed. Added to support refresh tokens, but clients may intentionally avoid this for short lived token use-case.
Contributor
Author
Removed that. Now it is opt-in for clients. |
mgyucht
approved these changes
Nov 24, 2023
mgyucht
added a commit
that referenced
this pull request
Nov 29, 2023
Bug fixes: * Fix databricks CLI authentication on Windows ([#192](#192)). * Fix SCIM pagination ([#193](#193)). Other changes: * Add more detailed error message on default credentials not found error ([#180](#180)). * Support custom scopes and redirectUrl for U2M OAuth flow ([#190](#190)). API Changes: * Removed `enableOptimization()` method for `workspaceClient.metastores()` service. * Added `pipelineId` field for `com.databricks.sdk.service.catalog.TableInfo`. * Added `enablePredictiveOptimization` field for `com.databricks.sdk.service.catalog.UpdateCatalog` and `com.databricks.sdk.service.catalog.UpdateSchema`. * Removed `com.databricks.sdk.service.catalog.UpdatePredictiveOptimization` and `com.databricks.sdk.service.catalog.UpdatePredictiveOptimizationResponse` class. * Added `description` field for `com.databricks.sdk.service.jobs.CreateJob` and `com.databricks.sdk.service.jobs.JobSettings`. * Added `listNetworkConnectivityConfigurations()` and `listPrivateEndpointRules()` methods for `accountClient.networkConnectivity()` service. * Added `com.databricks.sdk.service.settings.ListNccAzurePrivateEndpointRulesResponse`, `com.databricks.sdk.service.settings.ListNetworkConnectivityConfigurationsRequest`, `com.databricks.sdk.service.settings.ListNetworkConnectivityConfigurationsResponse`, and `com.databricks.sdk.service.settings.ListPrivateEndpointRulesRequest` classes. * Added `stringSharedAs` field for `com.databricks.sdk.service.sharing.SharedDataObject`. OpenAPI SHA: 22f09783eb8a84d52026f856be3b2068f9498db3, Date: 2023-11-23 Dependency updates: * Bump API spec: 23 Nov 2023 ([#191](#191)).
Merged
github-merge-queue bot
pushed a commit
that referenced
this pull request
Nov 29, 2023
Bug fixes: * Fix databricks CLI authentication on Windows ([#192](#192)). * Fix SCIM pagination ([#193](#193)). Other changes: * Add more detailed error message on default credentials not found error ([#180](#180)). * Support custom scopes and redirectUrl for U2M OAuth flow ([#190](#190)). API Changes: * Removed `enableOptimization()` method for `workspaceClient.metastores()` service. * Added `pipelineId` field for `com.databricks.sdk.service.catalog.TableInfo`. * Added `enablePredictiveOptimization` field for `com.databricks.sdk.service.catalog.UpdateCatalog` and `com.databricks.sdk.service.catalog.UpdateSchema`. * Removed `com.databricks.sdk.service.catalog.UpdatePredictiveOptimization` and `com.databricks.sdk.service.catalog.UpdatePredictiveOptimizationResponse` class. * Added `description` field for `com.databricks.sdk.service.jobs.CreateJob` and `com.databricks.sdk.service.jobs.JobSettings`. * Added `listNetworkConnectivityConfigurations()` and `listPrivateEndpointRules()` methods for `accountClient.networkConnectivity()` service. * Added `com.databricks.sdk.service.settings.ListNccAzurePrivateEndpointRulesResponse`, `com.databricks.sdk.service.settings.ListNetworkConnectivityConfigurationsRequest`, `com.databricks.sdk.service.settings.ListNetworkConnectivityConfigurationsResponse`, and `com.databricks.sdk.service.settings.ListPrivateEndpointRulesRequest` classes. * Added `stringSharedAs` field for `com.databricks.sdk.service.sharing.SharedDataObject`. OpenAPI SHA: 22f09783eb8a84d52026f856be3b2068f9498db3, Date: 2023-11-23
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changes
Added following utility methods to DatabricksConfig
a. setRedirectUrl: This will be passed to OAuthClient and will be used in U2M OAuth flow if client wants to provide a custom redirect Url as per OAuth configuration of their application.
b. setScopes: Clients can set custom scopes for U2M OAuth flow. If offline_access is not present, it will be added to the scopes for refresh token support.
Tests
Tested manually using JDBC driver as a client. Also, added test case for custom values of redirectUrl and scopes.