You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
According to the docs authentication using an Azure Entra ID service srincipal is not supported. However, if I generate a token using the msal library I can successfully execute queries using my service principal. The only issue is then the refreshing of the token. Since it is handed off to the library I cannot actively refresh it, and the token seems to expire in ~4h.
From these observations it seems like a minor task to implement support for service principal auth, since the current auth flow supports the tokens generated from msal. Also the databricks-sdk package supports azure service principal auth, so it would make sense to leverage that code base for auth handling.
Example code:
# Azure Service Principal detailstenant_id=os.environ["AZURE_TENANT_ID"]
client_id=os.environ["AZURE_CLIENT_ID"]
client_secret=os.environ["AZURE_CLIENT_SECRET"]
# Authority URLauthority=f"https://login.microsoftonline.com/{tenant_id}"# Scope for Azure Databricksscope= ["2ff814a6-3304-4ab8-85cb-cd0e6f879c1d/.default"]
# Create a confidential client applicationapp=msal.ConfidentialClientApplication(
client_id,
authority=authority,
client_credential=client_secret,
)
# Acquire a tokenresult=app.acquire_token_for_client(scopes=scope)
if"access_token"inresult:
access_token=result["access_token"]
connection=sql.connect(
server_hostname="...",
http_path="...",
access_token=access_token,
)
cursor=connection.cursor()
cursor.execute("SELECT * from range(10)")
print(cursor.fetchall())
cursor.close()
connection.close()
else:
print("Error obtaining token:", result.get("error"))
print(result.get("error_description"))
print(result.get("correlation_id"))
Hi,
According to the docs authentication using an Azure Entra ID service srincipal is not supported. However, if I generate a token using the
msallibrary I can successfully execute queries using my service principal. The only issue is then the refreshing of the token. Since it is handed off to the library I cannot actively refresh it, and the token seems to expire in ~4h.From these observations it seems like a minor task to implement support for service principal auth, since the current auth flow supports the tokens generated from
msal. Also thedatabricks-sdkpackage supports azure service principal auth, so it would make sense to leverage that code base for auth handling.Example code: