update logic used to get client id

vikrantpuppala · vikrantpuppala · commit ab64d0fde1b2 · 2025-04-17T17:45:14.000+05:30
diff --git a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/ExternalBrowserCredentialsProvider.java b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/ExternalBrowserCredentialsProvider.java
@@ -48,31 +48,33 @@ public HeaderFactory configure(DatabricksConfig config) {
     if (config.getHost() == null || !Objects.equals(config.getAuthType(), "external-browser")) {
       return null;
     }
-    if (config.getClientId() == null && config.getAzureClientId() == null) {
-      config.setClientId("databricks-cli");
-    }
+    
+    // Use the utility class to resolve client ID and client secret
+    String[] clientCreds = OAuthClientUtils.resolveClientCredentials(config);
+    String clientId = clientCreds[0];
+    String clientSecret = clientCreds[1];
+    
     try {
       if (tokenCache == null) {
         // Create a default FileTokenCache based on config
         Path cachePath =
-            TokenCacheUtils.getCacheFilePath(
-                config.getHost(), config.getClientId(), config.getScopes());
+            TokenCacheUtils.getCacheFilePath(config.getHost(), clientId, config.getScopes());
         tokenCache = new FileTokenCache(cachePath);
       }
 
       // First try to use the cached token if available (will return null if disabled)
       Token cachedToken = tokenCache.load();
       if (cachedToken != null && cachedToken.getRefreshToken() != null) {
-        LOGGER.debug("Found cached token for {}:{}", config.getHost(), config.getClientId());
+        LOGGER.debug("Found cached token for {}:{}", config.getHost(), clientId);
 
         try {
           // Create SessionCredentials with the cached token and try to refresh if needed
           SessionCredentials cachedCreds =
               new SessionCredentials.Builder()
                   .withToken(cachedToken)
                   .withHttpClient(config.getHttpClient())
-                  .withClientId(config.getClientId())
-                  .withClientSecret(config.getClientSecret())
+                  .withClientId(clientId)
+                  .withClientSecret(clientSecret)
                   .withTokenUrl(config.getOidcEndpoints().getTokenEndpoint())
                   .withRedirectUrl(config.getEffectiveOAuthRedirectUrl())
                   .withTokenCache(tokenCache)
@@ -88,7 +90,8 @@ public HeaderFactory configure(DatabricksConfig config) {
       }
 
       // If no cached token or refresh failed, perform browser auth
-      SessionCredentials credentials = performBrowserAuth(config, tokenCache);
+      SessionCredentials credentials =
+          performBrowserAuth(config, clientId, clientSecret, tokenCache);
       tokenCache.save(credentials.getToken());
       return credentials.configure(config);
     } catch (IOException | DatabricksException e) {
@@ -97,10 +100,19 @@ public HeaderFactory configure(DatabricksConfig config) {
     }
   }
 
-  SessionCredentials performBrowserAuth(DatabricksConfig config, TokenCache tokenCache)
+  SessionCredentials performBrowserAuth(
+      DatabricksConfig config, String clientId, String clientSecret, TokenCache tokenCache)
       throws IOException {
     LOGGER.debug("Performing browser authentication");
-    OAuthClient client = new OAuthClient(config);
+    OAuthClient client =
+        new OAuthClient.Builder()
+            .withHttpClient(config.getHttpClient())
+            .withClientId(clientId)
+            .withClientSecret(clientSecret)
+            .withHost(config.getHost())
+            .withRedirectUrl(config.getEffectiveOAuthRedirectUrl())
+            .withScopes(config.getScopes())
+            .build();
     Consent consent = client.initiateConsent();
 
     // Use the existing browser flow to get credentials
diff --git a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/OAuthClient.java b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/OAuthClient.java
@@ -85,17 +85,6 @@ public OAuthClient build() throws IOException {
   private final boolean isAws;
   private final boolean isAzure;
 
-  public OAuthClient(DatabricksConfig config) throws IOException {
-    this(
-        new Builder()
-            .withHttpClient(config.getHttpClient())
-            .withClientId(config.getClientId())
-            .withClientSecret(config.getClientSecret())
-            .withHost(config.getHost())
-            .withRedirectUrl(config.getEffectiveOAuthRedirectUrl())
-            .withScopes(config.getScopes()));
-  }
-
   private OAuthClient(Builder b) throws IOException {
     this.clientId = Objects.requireNonNull(b.clientId);
     this.clientSecret = b.clientSecret;
diff --git a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/OAuthClientUtils.java b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/OAuthClientUtils.java
@@ -0,0 +1,58 @@
+package com.databricks.sdk.core.oauth;
+
+import com.databricks.sdk.core.DatabricksConfig;
+
+/**
+ * Utility methods for OAuth client credentials resolution.
+ */
+public class OAuthClientUtils {
+
+  /**
+   * Default client ID to use when no client ID is specified.
+   */
+  private static final String DEFAULT_CLIENT_ID = "databricks-cli";
+
+  /**
+   * Resolves the OAuth client ID from the configuration.
+   * Prioritizes regular OAuth client ID, then Azure client ID, and falls back to default client ID.
+   *
+   * @param config The Databricks configuration
+   * @return The resolved client ID
+   */
+  public static String resolveClientId(DatabricksConfig config) {
+    if (config.getClientId() != null) {
+      return config.getClientId();
+    } else if (config.getAzureClientId() != null) {
+      return config.getAzureClientId();
+    }
+    return DEFAULT_CLIENT_ID;
+  }
+
+  /**
+   * Resolves the OAuth client secret from the configuration.
+   * Prioritizes regular OAuth client secret, then Azure client secret.
+   *
+   * @param config The Databricks configuration
+   * @return The resolved client secret, or null if not present
+   */
+  public static String resolveClientSecret(DatabricksConfig config) {
+    if (config.getClientSecret() != null) {
+      return config.getClientSecret();
+    } else if (config.getAzureClientSecret() != null) {
+      return config.getAzureClientSecret();
+    }
+    return null;
+  }
+
+  /**
+   * Resolves both client ID and client secret from the configuration.
+   * 
+   * @param config The Databricks configuration
+   * @return An array containing the client ID and client secret (may be null)
+   */
+  public static String[] resolveClientCredentials(DatabricksConfig config) {
+    String clientId = resolveClientId(config);
+    String clientSecret = resolveClientSecret(config);
+    return new String[]{clientId, clientSecret};
+  }
+} 
diff --git a/databricks-sdk-java/src/test/java/com/databricks/sdk/core/oauth/ExternalBrowserCredentialsProviderTest.java b/databricks-sdk-java/src/test/java/com/databricks/sdk/core/oauth/ExternalBrowserCredentialsProviderTest.java
@@ -42,7 +42,14 @@ void clientAndConsentTest() throws IOException {
 
       assertEquals("tokenEndPointFromServer", config.getOidcEndpoints().getTokenEndpoint());
 
-      OAuthClient testClient = new OAuthClient(config);
+      OAuthClient testClient = new OAuthClient.Builder()
+          .withHttpClient(config.getHttpClient())
+          .withClientId(config.getClientId())
+          .withClientSecret(config.getClientSecret())
+          .withHost(config.getHost())
+          .withRedirectUrl(config.getEffectiveOAuthRedirectUrl())
+          .withScopes(config.getScopes())
+          .build();
       assertEquals("test-client-id", testClient.getClientId());
 
       Consent testConsent = testClient.initiateConsent();
@@ -79,7 +86,14 @@ void clientAndConsentTestWithCustomRedirectUrl() throws IOException {
 
       assertEquals("tokenEndPointFromServer", config.getOidcEndpoints().getTokenEndpoint());
 
-      OAuthClient testClient = new OAuthClient(config);
+      OAuthClient testClient = new OAuthClient.Builder()
+          .withHttpClient(config.getHttpClient())
+          .withClientId(config.getClientId())
+          .withClientSecret(config.getClientSecret())
+          .withHost(config.getHost())
+          .withRedirectUrl(config.getEffectiveOAuthRedirectUrl())
+          .withScopes(config.getScopes())
+          .build();
       assertEquals("test-client-id", testClient.getClientId());
 
       Consent testConsent = testClient.initiateConsent();
@@ -261,7 +275,7 @@ void cacheWithValidTokenTest() throws IOException {
 
     // Verify performBrowserAuth was NOT called since refresh succeeded
     Mockito.verify(provider, Mockito.never())
-        .performBrowserAuth(any(DatabricksConfig.class), any(TokenCache.class));
+        .performBrowserAuth(any(DatabricksConfig.class), any(String.class), any(String.class), any(TokenCache.class));
 
     // Verify token was saved back to cache
     Mockito.verify(mockTokenCache, Mockito.times(1)).save(any(Token.class));
@@ -338,7 +352,7 @@ void cacheWithInvalidAccessTokenValidRefreshTest() throws IOException {
 
     // Verify performBrowserAuth was NOT called since refresh succeeded
     Mockito.verify(provider, Mockito.never())
-        .performBrowserAuth(any(DatabricksConfig.class), any(TokenCache.class));
+        .performBrowserAuth(any(DatabricksConfig.class), any(String.class), any(String.class), any(TokenCache.class));
 
     // Verify token was saved back to cache
     Mockito.verify(mockTokenCache, Mockito.times(1)).save(any(Token.class));
@@ -409,7 +423,7 @@ void cacheWithInvalidAccessTokenRefreshFailingTest() throws IOException {
         Mockito.spy(new ExternalBrowserCredentialsProvider(mockTokenCache));
     Mockito.doReturn(browserAuthCreds)
         .when(provider)
-        .performBrowserAuth(any(DatabricksConfig.class), any(TokenCache.class));
+        .performBrowserAuth(any(DatabricksConfig.class), any(), any(), any(TokenCache.class));
 
     // Spy on the config to inject the endpoints
     DatabricksConfig spyConfig = Mockito.spy(config);
@@ -427,7 +441,7 @@ void cacheWithInvalidAccessTokenRefreshFailingTest() throws IOException {
 
     // Verify performBrowserAuth was called since refresh failed
     Mockito.verify(provider, Mockito.times(1))
-        .performBrowserAuth(any(DatabricksConfig.class), any(TokenCache.class));
+        .performBrowserAuth(any(DatabricksConfig.class), any(), any(), any(TokenCache.class));
 
     // Verify token was saved after browser auth (for the new token)
     Mockito.verify(mockTokenCache, Mockito.times(1)).save(any(Token.class));
@@ -470,7 +484,7 @@ void cacheWithInvalidTokensTest() throws IOException {
         Mockito.spy(new ExternalBrowserCredentialsProvider(mockTokenCache));
     Mockito.doReturn(browserAuthCreds)
         .when(provider)
-        .performBrowserAuth(any(DatabricksConfig.class), any(TokenCache.class));
+        .performBrowserAuth(any(DatabricksConfig.class), any(), any(), any(TokenCache.class));
 
     // Configure provider
     HeaderFactory headerFactory = provider.configure(config);
@@ -483,7 +497,7 @@ void cacheWithInvalidTokensTest() throws IOException {
 
     // Verify performBrowserAuth was called since we had an invalid token
     Mockito.verify(provider, Mockito.times(1))
-        .performBrowserAuth(any(DatabricksConfig.class), any(TokenCache.class));
+        .performBrowserAuth(any(DatabricksConfig.class), any(), any(), any(TokenCache.class));
 
     // Verify token was saved after browser auth (for the new token)
     Mockito.verify(mockTokenCache, Mockito.times(1)).save(any(Token.class));
diff --git a/databricks-sdk-java/src/test/java/com/databricks/sdk/core/oauth/OAuthClientUtilsTest.java b/databricks-sdk-java/src/test/java/com/databricks/sdk/core/oauth/OAuthClientUtilsTest.java
@@ -0,0 +1,97 @@
+package com.databricks.sdk.core.oauth;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNull;
+
+import com.databricks.sdk.core.DatabricksConfig;
+import org.junit.jupiter.api.Test;
+
+public class OAuthClientUtilsTest {
+
+  @Test
+  void resolveClientIdTest() {
+    // Test with regular client ID
+    DatabricksConfig config = new DatabricksConfig()
+        .setClientId("test-client-id")
+        .setAzureClientId("azure-client-id");
+    assertEquals("test-client-id", OAuthClientUtils.resolveClientId(config));
+
+    // Test with only Azure client ID
+    config = new DatabricksConfig()
+        .setClientId(null)
+        .setAzureClientId("azure-client-id");
+    assertEquals("azure-client-id", OAuthClientUtils.resolveClientId(config));
+
+    // Test with no client IDs
+    config = new DatabricksConfig()
+        .setClientId(null)
+        .setAzureClientId(null);
+    assertEquals("databricks-cli", OAuthClientUtils.resolveClientId(config));
+  }
+
+  @Test
+  void resolveClientSecretTest() {
+    // Test with regular client secret
+    DatabricksConfig config = new DatabricksConfig()
+        .setClientSecret("test-client-secret")
+        .setAzureClientSecret("azure-client-secret");
+    assertEquals("test-client-secret", OAuthClientUtils.resolveClientSecret(config));
+
+    // Test with only Azure client secret
+    config = new DatabricksConfig()
+        .setClientSecret(null)
+        .setAzureClientSecret("azure-client-secret");
+    assertEquals("azure-client-secret", OAuthClientUtils.resolveClientSecret(config));
+
+    // Test with no client secrets
+    config = new DatabricksConfig()
+        .setClientSecret(null)
+        .setAzureClientSecret(null);
+    assertNull(OAuthClientUtils.resolveClientSecret(config));
+  }
+
+  @Test
+  void resolveClientCredentialsTest() {
+    // Test with both client ID and secret
+    DatabricksConfig config = new DatabricksConfig()
+        .setClientId("test-client-id")
+        .setClientSecret("test-client-secret");
+    String[] credentials = OAuthClientUtils.resolveClientCredentials(config);
+    assertEquals("test-client-id", credentials[0]);
+    assertEquals("test-client-secret", credentials[1]);
+
+    // Test with only client ID
+    config = new DatabricksConfig()
+        .setClientId("test-client-id")
+        .setClientSecret(null);
+    credentials = OAuthClientUtils.resolveClientCredentials(config);
+    assertEquals("test-client-id", credentials[0]);
+    assertNull(credentials[1]);
+
+    // Test with Azure credentials
+    config = new DatabricksConfig()
+        .setClientId(null)
+        .setClientSecret(null)
+        .setAzureClientId("azure-client-id")
+        .setAzureClientSecret("azure-client-secret");
+    credentials = OAuthClientUtils.resolveClientCredentials(config);
+    assertEquals("azure-client-id", credentials[0]);
+    assertEquals("azure-client-secret", credentials[1]);
+
+    // Test with no credentials
+    config = new DatabricksConfig();
+    credentials = OAuthClientUtils.resolveClientCredentials(config);
+    assertEquals("databricks-cli", credentials[0]);
+    assertNull(credentials[1]);
+
+    // Test mixed credentials preference
+    config = new DatabricksConfig()
+        .setClientId("test-client-id")
+        .setClientSecret(null)
+        .setAzureClientId("azure-client-id")
+        .setAzureClientSecret("azure-client-secret");
+    credentials = OAuthClientUtils.resolveClientCredentials(config);
+    assertEquals("test-client-id", credentials[0]);
+    assertEquals("azure-client-secret", credentials[1]);
+  }
+} 
