Manage OAuth for partner solutions

Preview

This feature is in Public Preview.

This article describes how to manage the OAuth application integrations that you configured in the following articles:

Before you begin

Before you modify OAuth application integrations, do the following:

  • Install cURL or an alternative tool for issuing HTTP requests (Mac OS, Windows).

  • Locate your account ID.

  • Locate the ID of the OAuth application integration you want to modify.

    • For dbt Core, Power BI, or Tableau Desktop, run the following curl command:

      curl -X GET https://accounts.cloud.databricks.com/api/2.0/accounts/<Account ID>/oauth2/ published-app-integrations
      --header "Authorization: Bearer $OAUTH_TOKEN"
      
    • For Tableau Cloud or Tableau Server, run the following curl command:

      curl -X GET https://accounts.cloud.databricks.com/api/2.0/accounts/<Account ID>/oauth2/custom-app-integrations
      --header "Authorization: Bearer $OAUTH_TOKEN"
      

Authenticate to the Account API

Preview

OAuth is in Public Preview.

To authenticate to the Account API, you can use Databricks OAuth for service principals, Databricks OAuth for users, or a Databricks account admin’s username and password. Databricks strongly recommends that you use Databricks OAuth for users or service principals. A service principal is an identity that you create in Databricks for use with automated tools, jobs, and applications. To create an OAuth token, see Authentication using OAuth for service principals.

Use the following examples to authenticate to a Databricks account. You can use OAuth for service principals, OAuth for users, or a user’s username and password. For background, see:

For authentication examples, choose from the following:

  1. Install Databricks CLI version 0.205 or above. See Install or update the Databricks CLI.

  2. Complete the steps to configure OAuth M2M authentication for service principals in the account. See OAuth machine-to-machine (M2M) authentication.

  3. Identify or manually create a Databricks configuration profile in your .databrickscfg file, with the profile’s fields set correctly for the related host, account_id, and client_id and client_secret mapping to the service principal. See OAuth machine-to-machine (M2M) authentication.

  4. Run your target Databricks CLI command, where <profile-name> represents the name of the configuration profile in your .databrickscfg file:

    databricks account <command-name> <subcommand-name> -p <profile-name>
    

    For example, to list all users in the account:

    databricks account users list -p MY-AWS-ACCOUNT
    
    • For a list of available account commands, run the command databricks account -h.

    • For a list of available subcommands for an account command, run the command databricks account <command-name> -h.

  1. Install Databricks CLI version 0.205 or above. See Install or update the Databricks CLI.

  2. Complete the steps to configure OAuth U2M authentication for users in the account. See OAuth user-to-machine (U2M) authentication.

  3. Start the user authentication process by running the following Databricks CLI command:

    databricks auth login --host <account-console-url> --account-id <account-id>
    

    For example:

    databricks auth login --host https://accounts.cloud.databricks.com --account-id 00000000-0000-0000-0000-000000000000
    

    Note

    If you have an existing Databricks configuration profile with the host and account_id fields already set, you can substitute --host <account-console-url> --account-id <account-id> with --profile <profile-name>.

  4. Follow the on-screen instructions to have the Databricks CLI automatically create the related Databricks configuration profile in your .databrickscfg file.

  5. Continue following the on-screen instructions to sign in to your Databricks account through your web browser.

  6. Run your target Databricks CLI command, where <profile-name> represents the name of the configuration profile in your .databrickscfg file:

    databricks account <command-name> <subcommand-name> -p <profile-name>
    

    For example, to list all users in the account:

    databricks account users list -p ACCOUNT-00000000-0000-0000-0000-000000000000
    
    • For a list of available account commands, run the command databricks account -h.

    • For a list of available subcommands for an account command, run the command databricks account <command-name> -h.

  1. Install Databricks CLI version 0.205 or above. See Install or update the Databricks CLI.

  2. Identify or manually create a Databricks configuration profile in your .databrickscfg file, with the profile’s fields set correctly for the related host, account_id, and username and password mapping to your Databricks user account. See Basic authentication.

  3. Run your target Databricks CLI command, where <profile-name> represents the name of the configuration profile in your .databrickscfg file:

    databricks account <command-name> <subcommand-name> -p <profile-name>
    

    For example, to list all users in the account:

    databricks account users list -p MY-AWS-ACCOUNT
    
    • For a list of available account commands, run the command databricks account -h.

    • For a list of available subcommands for an account command, run the command databricks account <command-name> -h.

Disable OAuth for dbt Core, Power BI, or Tableau Desktop

To disable OAuth for dbt Core, Power BI, or Tableau Desktop, run the following curl command, replacing <integration-id> with either databricks-dbt-adapter, power-bi, or tableau-desktop:

curl -X DELETE https://accounts.cloud.databricks.com/api/2.0/accounts/<Account ID>/oauth2/published-app-integrations/<Integration ID> \
--header "Authorization: Bearer $OAUTH_TOKEN"

Override the default token lifetime policy for dbt Core, Power BI, or Tableau Desktop

To override the default token lifecycle policy for dbt Core, Power BI, or Tableau Desktop, run the following curl command, replacing <integration-id> with either databricks-dbt-adapter, power-bi, or tableau-desktop:

curl -X PATCH -d '{ "token_access_policy": {"access_token_ttl_in_minutes":10,"refresh_token_ttl_in_minutes":200} }' https://accounts.cloud.databricks.com/api/2.0/accounts/<Account ID>/oauth2/published-app-integrations/<Integration ID> \
--header "Authorization: Bearer $OAUTH_TOKEN"

Important

(Windows) You must use double quotes around the data argument and escape all quotes inside this. For example:

curl -X PATCH -d "{ \"token_access_policy\": {\"access_token_ttl_in_minutes\":10,\"refresh_token_ttl_in_minutes\":200} }" https://accounts.cloud.databricks.com/api/2.0/accounts/<Account ID>/oauth2/published-app-integrations/<Integration ID> \
--header "Authorization: Bearer $OAUTH_TOKEN"

Disable OAuth for Tableau Cloud or Tableau Server

To disable OAuth for Tableau Cloud or Tableau Server, run the following curl command:

curl -X DELETE https://accounts.cloud.databricks.com/api/2.0/accounts/<Account ID>/oauth2/custom-app-integrations/<Integration ID> \
--header "Authorization: Bearer $OAUTH_TOKEN"

Override the default token lifetime policy for Tableau Cloud or Tableau Server

To override the default token lifecycle policy for Tableau Cloud or Tableau Server, run the following curl command:

curl -X PATCH -d '{ "token_access_policy": {"access_token_ttl_in_minutes":10,"refresh_token_ttl_in_minutes":200} }' https://accounts.cloud.databricks.com/api/2.0/accounts/<Account ID>/oauth2/custom-app-integrations/<Integration ID> \
--header "Authorization: Bearer $OAUTH_TOKEN"

Important

(Windows) You must use double quotes around the data argument and escape all quotes inside this. For example:

curl -X PATCH -d "{ \"token_access_policy\": {\"access_token_ttl_in_minutes\":10,\"refresh_token_ttl_in_minutes\":200} }" https://accounts.cloud.databricks.com/api/2.0/accounts/<Account ID>/oauth2/custom-app-integrations/<Integration ID> \
--header "Authorization: Bearer $OAUTH_TOKEN"