fmt

hectorcast-db · hectorcast-db · commit 5e1cca759013 · 2026-02-10T14:38:53.000Z
diff --git a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/ExternalBrowserCredentialsProvider.java b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/ExternalBrowserCredentialsProvider.java
@@ -59,7 +59,7 @@ public OAuthHeaderFactory configure(DatabricksConfig config) {
     String clientId = OAuthClientUtils.resolveClientId(config);
     String clientSecret = OAuthClientUtils.resolveClientSecret(config);
     OpenIDConnectEndpoints oidcEndpoints = null;
-    try  {
+    try {
       oidcEndpoints = OAuthClientUtils.resolveOidcEndpoints(config);
     } catch (IOException e) {
       LOGGER.error("Failed to resolve OIDC endpoints: {}", e.getMessage());
@@ -132,7 +132,11 @@ protected List<String> getScopes(DatabricksConfig config, OpenIDConnectEndpoints
   }
 
   CachedTokenSource performBrowserAuth(
-      DatabricksConfig config, String clientId, String clientSecret, TokenCache tokenCache, OpenIDConnectEndpoints oidcEndpoints)
+      DatabricksConfig config,
+      String clientId,
+      String clientSecret,
+      TokenCache tokenCache,
+      OpenIDConnectEndpoints oidcEndpoints)
       throws IOException {
     LOGGER.debug("Performing browser authentication");
 
diff --git a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/OAuthClientUtils.java b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/OAuthClientUtils.java
@@ -44,27 +44,30 @@ public static String resolveClientSecret(DatabricksConfig config) {
   }
 
   /**
-   * Resolves the OAuth OIDC endpoints from the configuration. Prioritizes regular OIDC endpoints, then Azure OIDC endpoints.
-   * If the client ID and client secret are provided, the OIDC endpoints are fetched from the discovery URL.
-   * If the Azure client ID and client secret are provided, the OIDC endpoints are fetched from the Azure AD endpoint.
-   * If no client ID and client secret are provided, the OIDC endpoints are fetched from the default OIDC endpoints.
+   * Resolves the OAuth OIDC endpoints from the configuration. Prioritizes regular OIDC endpoints,
+   * then Azure OIDC endpoints. If the client ID and client secret are provided, the OIDC endpoints
+   * are fetched from the discovery URL. If the Azure client ID and client secret are provided, the
+   * OIDC endpoints are fetched from the Azure AD endpoint. If no client ID and client secret are
+   * provided, the OIDC endpoints are fetched from the default OIDC endpoints.
+   *
    * @param config The Databricks configuration
    * @return The resolved OIDC endpoints
    * @throws IOException if the OIDC endpoints cannot be resolved
    */
-  public static OpenIDConnectEndpoints resolveOidcEndpoints(DatabricksConfig config) throws IOException {
+  public static OpenIDConnectEndpoints resolveOidcEndpoints(DatabricksConfig config)
+      throws IOException {
     if (config.getClientId() != null && config.getClientSecret() != null) {
       return config.getOidcEndpoints();
-    } else if (config.getAzureClientId() != null && config.getAzureClientSecret() != null) { 
-        Request request = new Request("GET", config.getHost() + "/oidc/oauth2/v2.0/authorize");
-        request.setRedirectionBehavior(false);
-        Response resp = config.getHttpClient().execute(request);
-        String realAuthUrl = resp.getFirstHeader("location");
-        if (realAuthUrl == null) {
-          return null;
-        }
-        return new OpenIDConnectEndpoints(
-            realAuthUrl.replaceAll("/authorize", "/token"), realAuthUrl);
+    } else if (config.getAzureClientId() != null && config.getAzureClientSecret() != null) {
+      Request request = new Request("GET", config.getHost() + "/oidc/oauth2/v2.0/authorize");
+      request.setRedirectionBehavior(false);
+      Response resp = config.getHttpClient().execute(request);
+      String realAuthUrl = resp.getFirstHeader("location");
+      if (realAuthUrl == null) {
+        return null;
+      }
+      return new OpenIDConnectEndpoints(
+          realAuthUrl.replaceAll("/authorize", "/token"), realAuthUrl);
     }
     return config.getOidcEndpoints();
   }
diff --git a/databricks-sdk-java/src/test/java/com/databricks/sdk/core/oauth/ExternalBrowserCredentialsProviderTest.java b/databricks-sdk-java/src/test/java/com/databricks/sdk/core/oauth/ExternalBrowserCredentialsProviderTest.java
@@ -365,7 +365,12 @@ void cacheWithValidNonRefreshableTokenTest() throws IOException {
 
     // Verify performBrowserAuth was NOT called.
     Mockito.verify(provider, Mockito.never())
-        .performBrowserAuth(any(DatabricksConfig.class), any(), any(), any(TokenCache.class), any(OpenIDConnectEndpoints.class));
+        .performBrowserAuth(
+            any(DatabricksConfig.class),
+            any(),
+            any(),
+            any(TokenCache.class),
+            any(OpenIDConnectEndpoints.class));
 
     // Verify no token was saved (we're using the cached one as-is).
     Mockito.verify(mockTokenCache, Mockito.never()).save(any(Token.class));
@@ -433,8 +438,7 @@ void cacheWithInvalidAccessTokenValidRefreshTest() throws IOException {
             any(String.class),
             any(String.class),
             any(TokenCache.class),
-            any(OpenIDConnectEndpoints.class)
-        );
+            any(OpenIDConnectEndpoints.class));
 
     // Verify token was saved back to cache
     Mockito.verify(mockTokenCache, Mockito.times(1)).save(any(Token.class));
@@ -512,7 +516,12 @@ void cacheWithInvalidAccessTokenRefreshFailingTest() throws IOException {
         Mockito.spy(new ExternalBrowserCredentialsProvider(mockTokenCache));
     Mockito.doReturn(cachedTokenSource)
         .when(provider)
-        .performBrowserAuth(any(DatabricksConfig.class), any(), any(), any(TokenCache.class), any(OpenIDConnectEndpoints.class));
+        .performBrowserAuth(
+            any(DatabricksConfig.class),
+            any(),
+            any(),
+            any(TokenCache.class),
+            any(OpenIDConnectEndpoints.class));
 
     // Spy on the config to inject the endpoints
     DatabricksConfig spyConfig = Mockito.spy(config);
@@ -531,7 +540,12 @@ void cacheWithInvalidAccessTokenRefreshFailingTest() throws IOException {
 
     // Verify performBrowserAuth was called since refresh failed
     Mockito.verify(provider, Mockito.times(1))
-        .performBrowserAuth(any(DatabricksConfig.class), any(), any(), any(TokenCache.class), any(OpenIDConnectEndpoints.class));
+        .performBrowserAuth(
+            any(DatabricksConfig.class),
+            any(),
+            any(),
+            any(TokenCache.class),
+            any(OpenIDConnectEndpoints.class));
 
     // Verify token was saved after browser auth (for the new token)
     Mockito.verify(mockTokenCache, Mockito.times(1)).save(any(Token.class));
@@ -584,7 +598,12 @@ void cacheWithInvalidTokensTest() throws IOException {
         Mockito.spy(new ExternalBrowserCredentialsProvider(mockTokenCache));
     Mockito.doReturn(cachedTokenSource)
         .when(provider)
-        .performBrowserAuth(any(DatabricksConfig.class), any(), any(), any(TokenCache.class), any(OpenIDConnectEndpoints.class));
+        .performBrowserAuth(
+            any(DatabricksConfig.class),
+            any(),
+            any(),
+            any(TokenCache.class),
+            any(OpenIDConnectEndpoints.class));
 
     // Spy on the config to inject the endpoints
     OpenIDConnectEndpoints endpoints =
@@ -606,7 +625,12 @@ void cacheWithInvalidTokensTest() throws IOException {
 
     // Verify performBrowserAuth was called since we had an invalid token
     Mockito.verify(provider, Mockito.times(1))
-        .performBrowserAuth(any(DatabricksConfig.class), any(), any(), any(TokenCache.class), any(OpenIDConnectEndpoints.class));
+        .performBrowserAuth(
+            any(DatabricksConfig.class),
+            any(),
+            any(),
+            any(TokenCache.class),
+            any(OpenIDConnectEndpoints.class));
 
     // Verify token was saved after browser auth (for the new token)
     Mockito.verify(mockTokenCache, Mockito.times(1)).save(any(Token.class));
@@ -673,10 +697,7 @@ void externalBrowserAuthWithAzureClientIdTest() throws IOException {
     // Create valid token for browser auth
     Token browserAuthToken =
         new Token(
-            "azure_access_token",
-            "Bearer",
-            "azure_refresh_token",
-            Instant.now().plusSeconds(3600));
+            "azure_access_token", "Bearer", "azure_refresh_token", Instant.now().plusSeconds(3600));
 
     // Create token source
     SessionCredentialsTokenSource browserAuthTokenSource =
@@ -742,8 +763,11 @@ void externalBrowserAuthWithAzureClientIdTest() throws IOException {
     // Verify the captured endpoints match what we expect for Azure
     OpenIDConnectEndpoints capturedEndpoints = endpointsCaptor.getValue();
     assertNotNull(capturedEndpoints);
-    assertEquals("https://test.azuredatabricks.net/oidc/v1/token", capturedEndpoints.getTokenEndpoint());
-    assertEquals("https://test.azuredatabricks.net/oidc/v1/authorize", capturedEndpoints.getAuthorizationEndpoint());
+    assertEquals(
+        "https://test.azuredatabricks.net/oidc/v1/token", capturedEndpoints.getTokenEndpoint());
+    assertEquals(
+        "https://test.azuredatabricks.net/oidc/v1/authorize",
+        capturedEndpoints.getAuthorizationEndpoint());
 
     // Verify token was saved
     Mockito.verify(mockTokenCache, Mockito.times(1)).save(any(Token.class));
