add a way to enable/disable token cache

Author: vikrantpuppala

databricks-sdk-java/src/main/java/com/databricks/sdk/core/DatabricksConfig.java

@@ -47,6 +47,13 @@ public class DatabricksConfig {
   @ConfigAttribute(env = "DATABRICKS_OAUTH_TOKEN_CACHE_PASSPHRASE", auth = "oauth", sensitive = true)
   private String oAuthTokenCachePassphrase;
 
+  /**
+   * Controls whether OAuth token caching is enabled.
+   * When set to false, tokens will not be cached or loaded from cache.
+   */
+  @ConfigAttribute(env = "DATABRICKS_OAUTH_TOKEN_CACHE_ENABLED", auth = "oauth")
+  private Boolean isTokenCacheEnabled;
+
   /**
    * The OpenID Connect discovery URL used to retrieve OIDC configuration and endpoints.
    *
@@ -682,15 +689,36 @@ public DatabricksConfig newWithWorkspaceHost(String host) {
     return clone(fieldsToSkip).setHost(host);
   }
 
-  public String getOAuthPassphrase() {
+  public String getOAuthTokenCachePassphrase() {
     return oAuthTokenCachePassphrase;
   }
 
-  public DatabricksConfig setOAuthPassphrase(String oAuthPassphrase) {
+  public DatabricksConfig setOAuthTokenCachePassphrase(String oAuthPassphrase) {
     this.oAuthTokenCachePassphrase = oAuthPassphrase;
     return this;
   }
 
+  /**
+   * Gets whether OAuth token caching is enabled.
+   * Default is true.
+   * 
+   * @return true if token caching is enabled, false otherwise
+   */
+  public boolean isTokenCacheEnabled() {
+    return isTokenCacheEnabled == null || isTokenCacheEnabled;
+  }
+
+  /**
+   * Sets whether OAuth token caching is enabled.
+   * 
+   * @param enabled true to enable token caching, false to disable
+   * @return this config instance
+   */
+  public DatabricksConfig setTokenCacheEnabled(boolean enabled) {
+    this.isTokenCacheEnabled = enabled;
+    return this;
+  }
+
   /**
    * Gets the default OAuth redirect URL.
    * If one is not provided explicitly, uses http://localhost:8080/callback
@@ -704,40 +732,14 @@ public String getEffectiveOAuthRedirectUrl() {
   /**
    * Gets the TokenCache instance for the current configuration.
    * Creates it if it doesn't exist yet.
+   * When token caching is disabled, the TokenCache will be created but operations will be no-ops.
    * 
    * @return A TokenCache instance for the current host, client ID, and scopes
    */
   public synchronized TokenCache getTokenCache() {
-    if (tokenCache == null && getHost() != null && getClientId() != null) {
-      tokenCache = new TokenCache(getHost(), getClientId(), getScopes(), getOAuthPassphrase());
+    if (tokenCache == null) {
+      tokenCache = new TokenCache(getHost(), getClientId(), getScopes(), getOAuthTokenCachePassphrase(), isTokenCacheEnabled());
     }
     return tokenCache;
   }
-  
-  /**
-   * Loads a cached token if one exists for the current configuration.
-   * 
-   * @return The cached token, or null if no valid token is cached
-   */
-  public Token loadCachedToken() {
-    TokenCache cache = getTokenCache();
-    if (cache == null) {
-      return null;
-    }
-    return cache.load();
-  }
-  
-  /**
-   * Saves a token to the cache for the current configuration.
-   * 
-   * @param token The token to cache
-   * @throws IOException If there is an error saving the token
-   */
-  public void saveTokenToCache(Token token) throws IOException {
-    TokenCache cache = getTokenCache();
-    if (cache == null) {
-      return;
-    }
-    cache.save(token);
-  }
 }

databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/ExternalBrowserCredentialsProvider.java

@@ -11,7 +11,8 @@
 /**
  * A {@code CredentialsProvider} which implements the Authorization Code + PKCE flow by opening a
  * browser for the user to authorize the application. When cache support is enabled with 
- * {@link DatabricksConfig#setOAuthPassphrase}, tokens will be cached to avoid repeated authentication.
+ * {@link DatabricksConfig#setOAuthTokenCachePassphrase} and {@link DatabricksConfig#setTokenCacheEnabled(boolean)},
+ * tokens will be cached to avoid repeated authentication.
  */
 public class ExternalBrowserCredentialsProvider implements CredentialsProvider {
   private static final Logger LOGGER = LoggerFactory.getLogger(ExternalBrowserCredentialsProvider.class);
@@ -31,7 +32,7 @@ public HeaderFactory configure(DatabricksConfig config) {
       // Get the token cache from config
       TokenCache tokenCache = config.getTokenCache();
 
-      // First try to use the cached token if available
+      // First try to use the cached token if available (will return null if disabled)
       Token cachedToken = tokenCache.load();
       if (cachedToken != null && cachedToken.getRefreshToken() != null) {
         LOGGER.debug("Found cached token for {}:{}", config.getHost(), config.getClientId());
@@ -47,7 +48,9 @@ public HeaderFactory configure(DatabricksConfig config) {
               .withRedirectUrl(config.getEffectiveOAuthRedirectUrl())
               .build();
 
-          LOGGER.debug("Using cached token (will refresh if needed)");
+          LOGGER.debug("Using cached token, will immediately refresh");
+          cachedCreds.token = cachedCreds.refresh();
+          tokenCache.save(cachedToken);
           return cachedCreds.configure(config);
         } catch (Exception e) {
           // If token refresh fails, log and continue to browser auth
@@ -58,7 +61,6 @@ public HeaderFactory configure(DatabricksConfig config) {
       // If no cached token or refresh failed, perform browser auth
       SessionCredentials credentials = performBrowserAuth(config);
       tokenCache.save(credentials.getToken());
-      LOGGER.debug("Saved browser auth token to cache");
       return credentials.configure(config);
     } catch (IOException | DatabricksException e) {
       LOGGER.error("Failed to authenticate: {}", e.getMessage());

databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/TokenCache.java

@@ -20,13 +20,18 @@
 import com.databricks.sdk.core.utils.SerDeUtils;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.google.common.annotations.VisibleForTesting;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
  * TokenCache stores OAuth tokens on disk to avoid repeated authentication.
  * It generates a unique cache filename based on the host, client ID, and scopes.
  * If a passphrase is provided, the token data is encrypted for added security.
+ * Cache operations can be disabled by setting isEnabled to false.
  */
 public class TokenCache {
+  private static final Logger LOGGER = LoggerFactory.getLogger(TokenCache.class);
+  
   // Base path for token cache files, aligned with Python implementation
   private static final String BASE_PATH = ".config/databricks-sdk-java/oauth";
 
@@ -43,6 +48,7 @@ public class TokenCache {
   private final Path cacheFile;
   private final String passphrase;
   private final ObjectMapper mapper;
+  private final boolean isEnabled;
 
   /**
    * Constructs a new TokenCache instance for OAuth token caching
@@ -51,17 +57,20 @@ public class TokenCache {
    * @param clientId The OAuth client ID
    * @param scopes The OAuth scopes requested (optional)
    * @param passphrase The passphrase used to encrypt/decrypt the token cache (optional)
+   * @param isEnabled Whether token caching is enabled
    */
   public TokenCache(
       String host,
       String clientId,
       List<String> scopes,
-      String passphrase) {
+      String passphrase,
+      boolean isEnabled) {
     this.host = Objects.requireNonNull(host, "host must be defined");
     this.clientId = Objects.requireNonNull(clientId, "clientId must be defined");
     this.scopes = scopes != null ? scopes : new ArrayList<>();
     this.passphrase = passphrase; // Can be null or empty, encryption will be skipped in that case
     this.mapper = SerDeUtils.createMapper();
+    this.isEnabled = isEnabled;
 
     this.cacheFile = getFilename();
   }
@@ -113,11 +122,17 @@ private boolean shouldUseEncryption() {
 
   /**
    * Saves a Token to the cache file, encrypting if a passphrase is provided
+   * Does nothing if caching is disabled
    *
    * @param token The Token to save
    * @throws IOException If an error occurs writing to the file
    */
   public void save(Token token) throws IOException {
+    if (!isEnabled) {
+      LOGGER.debug("Token caching is disabled, skipping save operation");
+      return;
+    }
+    
     try {
       Files.createDirectories(cacheFile.getParent());
 
@@ -138,19 +153,28 @@ public void save(Token token) throws IOException {
       cacheFile.toFile().setReadable(true, true);
       cacheFile.toFile().setWritable(false, false);
       cacheFile.toFile().setWritable(true, true);
+      
+      LOGGER.debug("Successfully saved token to cache: {}", cacheFile);
     } catch (Exception e) {
       throw new IOException("Failed to save token cache: " + e.getMessage(), e);
     }
   }
 
   /**
    * Loads a Token from the cache file, decrypting if a passphrase was provided
+   * Returns null if caching is disabled
    *
-   * @return The Token from the cache or null if the cache file doesn't exist or is invalid
+   * @return The Token from the cache or null if the cache file doesn't exist, is invalid, or caching is disabled
    */
   public Token load() {
+    if (!isEnabled) {
+      LOGGER.debug("Token caching is disabled, skipping load operation");
+      return null;
+    }
+    
     try {
       if (!Files.exists(cacheFile)) {
+        LOGGER.debug("No token cache file found at: {}", cacheFile);
         return null;
       }
 
@@ -163,6 +187,7 @@ public Token load() {
         } catch (Exception e) {
           // If decryption fails, it might be because the file was saved without encryption
           // or the passphrase is incorrect
+          LOGGER.debug("Failed to decrypt token cache: {}", e.getMessage());
           return null;
         }
       } else {
@@ -171,10 +196,13 @@ public Token load() {
 
       // Deserialize token from JSON
       String json = new String(decodedContent, StandardCharsets.UTF_8);
-      return mapper.readValue(json, Token.class);
+      Token token = mapper.readValue(json, Token.class);
+      LOGGER.debug("Successfully loaded token from cache: {}", cacheFile);
+      return token;
     } catch (Exception e) {
       // If there's any issue loading the token, return null
       // to allow a fresh token to be obtained
+      LOGGER.debug("Failed to load token from cache: {}", e.getMessage());
       return null;
     }
   }