From 822d47eca0cf63bb929afcc442a87052879487cb Mon Sep 17 00:00:00 2001 From: samikshya-chand_data Date: Tue, 26 Aug 2025 12:07:04 +0530 Subject: [PATCH 01/10] Honor discovery url for flows other than M2M --- .../databricks/sdk/core/DatabricksConfig.java | 18 +++++++++++++++++- .../databricks/sdk/core/oauth/OAuthClient.java | 8 +++++++- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/DatabricksConfig.java b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/DatabricksConfig.java index 074e97974..ef01cfa37 100644 --- a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/DatabricksConfig.java +++ b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/DatabricksConfig.java @@ -17,8 +17,11 @@ import java.time.Duration; import java.util.*; import org.apache.http.HttpMessage; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; public class DatabricksConfig { + private static final Logger LOG = LoggerFactory.getLogger(DatabricksConfig.class); private CredentialsProvider credentialsProvider = new DefaultCredentialsProvider(); @ConfigAttribute(env = "DATABRICKS_HOST") @@ -647,7 +650,19 @@ public OpenIDConnectEndpoints getOidcEndpoints() throws IOException { if (discoveryUrl == null) { return fetchDefaultOidcEndpoints(); } - return fetchOidcEndpointsFromDiscovery(); + try { + OpenIDConnectEndpoints oidcEndpoints = fetchOidcEndpointsFromDiscovery(); + if (oidcEndpoints != null) { + return oidcEndpoints; + } + } catch (Exception e) { + LOG.warn( + "Failed to fetch OIDC Endpoints using discovery URL: {}. Error: {}. \nDefaulting to fetch OIDC using default endpoint.", + discoveryUrl, + e.getMessage(), + e); + } + return fetchDefaultOidcEndpoints(); } private OpenIDConnectEndpoints fetchOidcEndpointsFromDiscovery() { @@ -737,6 +752,7 @@ public DatabricksEnvironment getDatabricksEnvironment() { } private DatabricksConfig clone(Set fieldsToSkip) { + fieldsToSkip.add("LOG"); DatabricksConfig newConfig = new DatabricksConfig(); for (Field f : DatabricksConfig.class.getDeclaredFields()) { if (fieldsToSkip.contains(f.getName())) { diff --git a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/OAuthClient.java b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/OAuthClient.java index 3803bafb0..3a7788a55 100644 --- a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/OAuthClient.java +++ b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/OAuthClient.java @@ -43,6 +43,7 @@ public static class Builder { private HttpClient hc; private String accountId; private Optional browserTimeout = Optional.empty(); + private String discoveryUrl; public Builder() {} @@ -89,6 +90,11 @@ public Builder withBrowserTimeout(Duration browserTimeout) { this.browserTimeout = Optional.of(browserTimeout); return this; } + + public Builder withDiscoveryUrl(String discoveryUrl) { + this.discoveryUrl = discoveryUrl; + return this; + } } private final String clientId; @@ -112,7 +118,7 @@ private OAuthClient(Builder b) throws IOException { this.hc = b.hc; DatabricksConfig config = - new DatabricksConfig().setHost(b.host).setAccountId(b.accountId).resolve(); + new DatabricksConfig().setHost(b.host).setAccountId(b.accountId).setDiscoveryUrl(b.discoveryUrl).resolve(); OpenIDConnectEndpoints oidc = config.getOidcEndpoints(); if (oidc == null) { throw new DatabricksException(b.host + " does not support OAuth"); From 7a81f73a71c42cec6288dfb45061fcb397c84126 Mon Sep 17 00:00:00 2001 From: samikshya-chand_data Date: Thu, 28 Aug 2025 13:07:22 +0530 Subject: [PATCH 02/10] Add more changes --- .../ExternalBrowserCredentialsProvider.java | 1 + .../sdk/core/DatabricksConfigTest.java | 29 +++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/ExternalBrowserCredentialsProvider.java b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/ExternalBrowserCredentialsProvider.java index 95780b6fa..26ce69ae7 100644 --- a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/ExternalBrowserCredentialsProvider.java +++ b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/ExternalBrowserCredentialsProvider.java @@ -130,6 +130,7 @@ CachedTokenSource performBrowserAuth( .withRedirectUrl(config.getEffectiveOAuthRedirectUrl()) .withBrowserTimeout(config.getOAuthBrowserAuthTimeout()) .withScopes(new ArrayList<>(scopes)) + .withDiscoveryUrl(config.getDiscoveryUrl()) .build(); Consent consent = client.initiateConsent(); diff --git a/databricks-sdk-java/src/test/java/com/databricks/sdk/core/DatabricksConfigTest.java b/databricks-sdk-java/src/test/java/com/databricks/sdk/core/DatabricksConfigTest.java index 88a466a32..7465d3c8c 100644 --- a/databricks-sdk-java/src/test/java/com/databricks/sdk/core/DatabricksConfigTest.java +++ b/databricks-sdk-java/src/test/java/com/databricks/sdk/core/DatabricksConfigTest.java @@ -166,6 +166,35 @@ public void testDiscoveryEndpoint() throws IOException { } } + @Test + public void testDiscoveryEndpointFetchFallback() throws IOException { + String discoveryUrlSuffix = "/test.discovery.url"; + String OIDCResponse = + "{\n" + + " \"authorization_endpoint\": \"https://test.auth.endpoint/oidc/v1/authorize\",\n" + + " \"token_endpoint\": \"https://test.auth.endpoint/oidc/v1/token\"\n" + + "}"; + + try (FixtureServer server = + new FixtureServer() + .with("GET", discoveryUrlSuffix, "", 400) + .with("GET", "/oidc/.well-known/oauth-authorization-server", OIDCResponse, 200)) { + + String discoveryUrl = server.getUrl() + discoveryUrlSuffix; + + OpenIDConnectEndpoints oidcEndpoints = + new DatabricksConfig() + .setHost(server.getUrl()) + .setDiscoveryUrl(discoveryUrl) + .setHttpClient(new CommonsHttpClient.Builder().withTimeoutSeconds(30).build()) + .getOidcEndpoints(); + + assertEquals( + "https://test.auth.endpoint/oidc/v1/authorize", oidcEndpoints.getAuthorizationEndpoint()); + assertEquals("https://test.auth.endpoint/oidc/v1/token", oidcEndpoints.getTokenEndpoint()); + } + } + @Test public void testNewWithWorkspaceHost() { DatabricksConfig config = From 39220f35abc92e43682530d3a1ce7177fff8afe7 Mon Sep 17 00:00:00 2001 From: samikshya-chand_data Date: Sat, 30 Aug 2025 13:55:19 +0530 Subject: [PATCH 03/10] Fix spotless + fix next_changelog --- NEXT_CHANGELOG.md | 2 ++ .../com/databricks/sdk/core/oauth/OAuthClient.java | 6 +++++- .../databricks/sdk/core/DatabricksConfigTest.java | 14 +++++++------- 3 files changed, 14 insertions(+), 8 deletions(-) diff --git a/NEXT_CHANGELOG.md b/NEXT_CHANGELOG.md index a6f5b13ba..887d68ec1 100644 --- a/NEXT_CHANGELOG.md +++ b/NEXT_CHANGELOG.md @@ -4,6 +4,8 @@ ### New Features and Improvements +* Add support for discovery URL for browser based authentication flow. + ### Bug Fixes * Fixed `selectSparkVersion()` method to use contains() instead of equals() for spark version matching. diff --git a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/OAuthClient.java b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/OAuthClient.java index 3a7788a55..fbad43b82 100644 --- a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/OAuthClient.java +++ b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/OAuthClient.java @@ -118,7 +118,11 @@ private OAuthClient(Builder b) throws IOException { this.hc = b.hc; DatabricksConfig config = - new DatabricksConfig().setHost(b.host).setAccountId(b.accountId).setDiscoveryUrl(b.discoveryUrl).resolve(); + new DatabricksConfig() + .setHost(b.host) + .setAccountId(b.accountId) + .setDiscoveryUrl(b.discoveryUrl) + .resolve(); OpenIDConnectEndpoints oidc = config.getOidcEndpoints(); if (oidc == null) { throw new DatabricksException(b.host + " does not support OAuth"); diff --git a/databricks-sdk-java/src/test/java/com/databricks/sdk/core/DatabricksConfigTest.java b/databricks-sdk-java/src/test/java/com/databricks/sdk/core/DatabricksConfigTest.java index 7465d3c8c..8ce3f83ff 100644 --- a/databricks-sdk-java/src/test/java/com/databricks/sdk/core/DatabricksConfigTest.java +++ b/databricks-sdk-java/src/test/java/com/databricks/sdk/core/DatabricksConfigTest.java @@ -170,15 +170,15 @@ public void testDiscoveryEndpoint() throws IOException { public void testDiscoveryEndpointFetchFallback() throws IOException { String discoveryUrlSuffix = "/test.discovery.url"; String OIDCResponse = - "{\n" - + " \"authorization_endpoint\": \"https://test.auth.endpoint/oidc/v1/authorize\",\n" - + " \"token_endpoint\": \"https://test.auth.endpoint/oidc/v1/token\"\n" - + "}"; + "{\n" + + " \"authorization_endpoint\": \"https://test.auth.endpoint/oidc/v1/authorize\",\n" + + " \"token_endpoint\": \"https://test.auth.endpoint/oidc/v1/token\"\n" + + "}"; try (FixtureServer server = - new FixtureServer() - .with("GET", discoveryUrlSuffix, "", 400) - .with("GET", "/oidc/.well-known/oauth-authorization-server", OIDCResponse, 200)) { + new FixtureServer() + .with("GET", discoveryUrlSuffix, "", 400) + .with("GET", "/oidc/.well-known/oauth-authorization-server", OIDCResponse, 200)) { String discoveryUrl = server.getUrl() + discoveryUrlSuffix; From 72daebda68871d540c72d862839100cef9966377 Mon Sep 17 00:00:00 2001 From: samikshya-chand_data Date: Sat, 30 Aug 2025 13:58:16 +0530 Subject: [PATCH 04/10] fmt --- .../com/databricks/sdk/core/DatabricksConfig.java | 8 ++++---- .../databricks/sdk/core/DatabricksConfigTest.java | 12 ++++++------ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/DatabricksConfig.java b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/DatabricksConfig.java index ef01cfa37..02dd8b3db 100644 --- a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/DatabricksConfig.java +++ b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/DatabricksConfig.java @@ -657,10 +657,10 @@ public OpenIDConnectEndpoints getOidcEndpoints() throws IOException { } } catch (Exception e) { LOG.warn( - "Failed to fetch OIDC Endpoints using discovery URL: {}. Error: {}. \nDefaulting to fetch OIDC using default endpoint.", - discoveryUrl, - e.getMessage(), - e); + "Failed to fetch OIDC Endpoints using discovery URL: {}. Error: {}. \nDefaulting to fetch OIDC using default endpoint.", + discoveryUrl, + e.getMessage(), + e); } return fetchDefaultOidcEndpoints(); } diff --git a/databricks-sdk-java/src/test/java/com/databricks/sdk/core/DatabricksConfigTest.java b/databricks-sdk-java/src/test/java/com/databricks/sdk/core/DatabricksConfigTest.java index 8ce3f83ff..31dbead89 100644 --- a/databricks-sdk-java/src/test/java/com/databricks/sdk/core/DatabricksConfigTest.java +++ b/databricks-sdk-java/src/test/java/com/databricks/sdk/core/DatabricksConfigTest.java @@ -183,14 +183,14 @@ public void testDiscoveryEndpointFetchFallback() throws IOException { String discoveryUrl = server.getUrl() + discoveryUrlSuffix; OpenIDConnectEndpoints oidcEndpoints = - new DatabricksConfig() - .setHost(server.getUrl()) - .setDiscoveryUrl(discoveryUrl) - .setHttpClient(new CommonsHttpClient.Builder().withTimeoutSeconds(30).build()) - .getOidcEndpoints(); + new DatabricksConfig() + .setHost(server.getUrl()) + .setDiscoveryUrl(discoveryUrl) + .setHttpClient(new CommonsHttpClient.Builder().withTimeoutSeconds(30).build()) + .getOidcEndpoints(); assertEquals( - "https://test.auth.endpoint/oidc/v1/authorize", oidcEndpoints.getAuthorizationEndpoint()); + "https://test.auth.endpoint/oidc/v1/authorize", oidcEndpoints.getAuthorizationEndpoint()); assertEquals("https://test.auth.endpoint/oidc/v1/token", oidcEndpoints.getTokenEndpoint()); } } From ef83db2221c254749e4f605acc624c31c982630a Mon Sep 17 00:00:00 2001 From: samikshya-chand_data Date: Sun, 14 Sep 2025 22:52:29 +0530 Subject: [PATCH 05/10] Address offline comments --- .../ExternalBrowserCredentialsProvider.java | 2 +- .../sdk/core/oauth/OAuthClient.java | 26 +++++++++++-------- 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/ExternalBrowserCredentialsProvider.java b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/ExternalBrowserCredentialsProvider.java index 26ce69ae7..a2821af24 100644 --- a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/ExternalBrowserCredentialsProvider.java +++ b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/ExternalBrowserCredentialsProvider.java @@ -130,7 +130,7 @@ CachedTokenSource performBrowserAuth( .withRedirectUrl(config.getEffectiveOAuthRedirectUrl()) .withBrowserTimeout(config.getOAuthBrowserAuthTimeout()) .withScopes(new ArrayList<>(scopes)) - .withDiscoveryUrl(config.getDiscoveryUrl()) + .withOpenIDConnectEndpoints(config.getOidcEndpoints()) .build(); Consent consent = client.initiateConsent(); diff --git a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/OAuthClient.java b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/OAuthClient.java index fbad43b82..6a752fe26 100644 --- a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/OAuthClient.java +++ b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/OAuthClient.java @@ -43,7 +43,7 @@ public static class Builder { private HttpClient hc; private String accountId; private Optional browserTimeout = Optional.empty(); - private String discoveryUrl; + private OpenIDConnectEndpoints openIDConnectEndpoints; public Builder() {} @@ -52,6 +52,11 @@ public Builder withHttpClient(HttpClient hc) { return this; } + public Builder withOpenIDConnectEndpoints(OpenIDConnectEndpoints openIDConnectEndpoints) { + this.openIDConnectEndpoints = openIDConnectEndpoints; + return this; + } + public Builder withHost(String host) { this.host = host; return this; @@ -90,11 +95,6 @@ public Builder withBrowserTimeout(Duration browserTimeout) { this.browserTimeout = Optional.of(browserTimeout); return this; } - - public Builder withDiscoveryUrl(String discoveryUrl) { - this.discoveryUrl = discoveryUrl; - return this; - } } private final String clientId; @@ -108,6 +108,7 @@ public Builder withDiscoveryUrl(String discoveryUrl) { private final SecureRandom random = new SecureRandom(); private final boolean isAws; private final boolean isAzure; + private final OpenIDConnectEndpoints openIDConnectEndpoints; private final Optional browserTimeout; private OAuthClient(Builder b) throws IOException { @@ -121,17 +122,16 @@ private OAuthClient(Builder b) throws IOException { new DatabricksConfig() .setHost(b.host) .setAccountId(b.accountId) - .setDiscoveryUrl(b.discoveryUrl) .resolve(); - OpenIDConnectEndpoints oidc = config.getOidcEndpoints(); - if (oidc == null) { + openIDConnectEndpoints = b.openIDConnectEndpoints; + if (openIDConnectEndpoints == null) { throw new DatabricksException(b.host + " does not support OAuth"); } this.isAws = config.isAws(); this.isAzure = config.isAzure(); - this.tokenUrl = oidc.getTokenEndpoint(); - this.authUrl = oidc.getAuthorizationEndpoint(); + this.tokenUrl = openIDConnectEndpoints.getTokenEndpoint(); + this.authUrl = openIDConnectEndpoints.getAuthorizationEndpoint(); this.browserTimeout = b.browserTimeout; this.scopes = b.scopes; } @@ -148,6 +148,10 @@ public String getClientSecret() { return clientSecret; } + public OpenIDConnectEndpoints getOidcEndpoints() { + return openIDConnectEndpoints; + } + public String getRedirectUrl() { return redirectUrl; } From a229e8c1cc408c056e369112d6e8e014cb0c2a28 Mon Sep 17 00:00:00 2001 From: samikshya-chand_data Date: Mon, 15 Sep 2025 01:32:25 +0530 Subject: [PATCH 06/10] Fix tests --- .../sdk/core/oauth/ExternalBrowserCredentialsProviderTest.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/databricks-sdk-java/src/test/java/com/databricks/sdk/core/oauth/ExternalBrowserCredentialsProviderTest.java b/databricks-sdk-java/src/test/java/com/databricks/sdk/core/oauth/ExternalBrowserCredentialsProviderTest.java index ec94f161c..c5c237349 100644 --- a/databricks-sdk-java/src/test/java/com/databricks/sdk/core/oauth/ExternalBrowserCredentialsProviderTest.java +++ b/databricks-sdk-java/src/test/java/com/databricks/sdk/core/oauth/ExternalBrowserCredentialsProviderTest.java @@ -49,6 +49,7 @@ void clientAndConsentTest() throws IOException { .withClientId(config.getClientId()) .withClientSecret(config.getClientSecret()) .withHost(config.getHost()) + .withOpenIDConnectEndpoints(config.getOidcEndpoints()) .withRedirectUrl(config.getEffectiveOAuthRedirectUrl()) .withScopes(config.getScopes()) .build(); @@ -94,6 +95,7 @@ void clientAndConsentTestWithCustomRedirectUrl() throws IOException { .withClientId(config.getClientId()) .withClientSecret(config.getClientSecret()) .withHost(config.getHost()) + .withOpenIDConnectEndpoints(config.getOidcEndpoints()) .withRedirectUrl(config.getEffectiveOAuthRedirectUrl()) .withScopes(config.getScopes()) .build(); From e08cfb73c0aab5c30197c690aeb883d3f35322cc Mon Sep 17 00:00:00 2001 From: samikshya-chand_data Date: Mon, 15 Sep 2025 01:44:01 +0530 Subject: [PATCH 07/10] fmt --- .../databricks/sdk/core/DatabricksConfig.java | 56 ++++++++++--------- .../sdk/core/oauth/OAuthClient.java | 31 +++++----- 2 files changed, 44 insertions(+), 43 deletions(-) diff --git a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/DatabricksConfig.java b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/DatabricksConfig.java index 02dd8b3db..f86c0dbd9 100644 --- a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/DatabricksConfig.java +++ b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/DatabricksConfig.java @@ -242,7 +242,7 @@ public TokenSource getTokenSource() { return (TokenSource) headerFactory; } return new ErrorTokenSource( - String.format("OAuth Token not supported for current auth type %s", authType)); + String.format("OAuth Token not supported for current auth type %s", authType)); } public CredentialsProvider getCredentialsProvider() { @@ -434,13 +434,17 @@ public DatabricksConfig setAzureUseMsi(boolean azureUseMsi) { return this; } - /** @deprecated Use {@link #getAzureUseMsi()} instead. */ + /** + * @deprecated Use {@link #getAzureUseMsi()} instead. + */ @Deprecated() public boolean getAzureUseMSI() { return azureUseMsi; } - /** @deprecated Use {@link #getAzureUseMsi()} instead. */ + /** + * @deprecated Use {@link #getAzureUseMsi()} instead. + */ @Deprecated public DatabricksConfig setAzureUseMSI(boolean azureUseMsi) { this.azureUseMsi = azureUseMsi; @@ -657,10 +661,10 @@ public OpenIDConnectEndpoints getOidcEndpoints() throws IOException { } } catch (Exception e) { LOG.warn( - "Failed to fetch OIDC Endpoints using discovery URL: {}. Error: {}. \nDefaulting to fetch OIDC using default endpoint.", - discoveryUrl, - e.getMessage(), - e); + "Failed to fetch OIDC Endpoints using discovery URL: {}. Error: {}. \nDefaulting to fetch OIDC using default endpoint.", + discoveryUrl, + e.getMessage(), + e); } return fetchDefaultOidcEndpoints(); } @@ -691,7 +695,7 @@ private OpenIDConnectEndpoints fetchDefaultOidcEndpoints() throws IOException { return null; } return new OpenIDConnectEndpoints( - realAuthUrl.replaceAll("/authorize", "/token"), realAuthUrl); + realAuthUrl.replaceAll("/authorize", "/token"), realAuthUrl); } if (isAccountClient() && getAccountId() != null) { String prefix = getHost() + "/oidc/accounts/" + getAccountId(); @@ -699,14 +703,14 @@ private OpenIDConnectEndpoints fetchDefaultOidcEndpoints() throws IOException { } ApiClient apiClient = - new ApiClient.Builder() - .withHttpClient(getHttpClient()) - .withGetHostFunc(v -> getHost()) - .build(); + new ApiClient.Builder() + .withHttpClient(getHttpClient()) + .withGetHostFunc(v -> getHost()) + .build(); try { return apiClient.execute( - new Request("GET", "/oidc/.well-known/oauth-authorization-server"), - OpenIDConnectEndpoints.class); + new Request("GET", "/oidc/.well-known/oauth-authorization-server"), + OpenIDConnectEndpoints.class); } catch (IOException e) { throw new DatabricksException("IO error: " + e.getMessage(), e); } @@ -773,18 +777,18 @@ public DatabricksConfig clone() { public DatabricksConfig newWithWorkspaceHost(String host) { Set fieldsToSkip = - new HashSet<>( - Arrays.asList( - // The config for WorkspaceClient has a different host and Azure Workspace resource - // ID, and also omits - // the account ID. - "host", - "accountId", - "azureWorkspaceResourceId", - // For cloud-native OAuth, we need to reauthenticate as the audience has changed, so - // don't cache the - // header factory. - "headerFactory")); + new HashSet<>( + Arrays.asList( + // The config for WorkspaceClient has a different host and Azure Workspace resource + // ID, and also omits + // the account ID. + "host", + "accountId", + "azureWorkspaceResourceId", + // For cloud-native OAuth, we need to reauthenticate as the audience has changed, so + // don't cache the + // header factory. + "headerFactory")); return clone(fieldsToSkip).setHost(host); } diff --git a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/OAuthClient.java b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/OAuthClient.java index 6a752fe26..9f9669c74 100644 --- a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/OAuthClient.java +++ b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/OAuthClient.java @@ -119,10 +119,7 @@ private OAuthClient(Builder b) throws IOException { this.hc = b.hc; DatabricksConfig config = - new DatabricksConfig() - .setHost(b.host) - .setAccountId(b.accountId) - .resolve(); + new DatabricksConfig().setHost(b.host).setAccountId(b.accountId).resolve(); openIDConnectEndpoints = b.openIDConnectEndpoints; if (openIDConnectEndpoints == null) { throw new DatabricksException(b.host + " does not support OAuth"); @@ -193,9 +190,9 @@ private static byte[] sha256(byte[] input) { private static String urlEncode(String urlBase, Map params) { String queryParams = - params.entrySet().stream() - .map(entry -> entry.getKey() + "=" + entry.getValue()) - .collect(Collectors.joining("&")); + params.entrySet().stream() + .map(entry -> entry.getKey() + "=" + entry.getValue()) + .collect(Collectors.joining("&")); return urlBase + "?" + queryParams.replaceAll(" ", "%20"); } @@ -217,15 +214,15 @@ public Consent initiateConsent() throws MalformedURLException { String url = urlEncode(authUrl, params); return new Consent.Builder() - .withClientId(clientId) - .withClientSecret(clientSecret) - .withAuthUrl(url) - .withTokenUrl(tokenUrl) - .withRedirectUrl(redirectUrl) - .withState(state) - .withVerifier(verifier) - .withHttpClient(hc) - .withBrowserTimeout(browserTimeout) - .build(); + .withClientId(clientId) + .withClientSecret(clientSecret) + .withAuthUrl(url) + .withTokenUrl(tokenUrl) + .withRedirectUrl(redirectUrl) + .withState(state) + .withVerifier(verifier) + .withHttpClient(hc) + .withBrowserTimeout(browserTimeout) + .build(); } } From ebd14da1d281e81957c2205ae913100752d1f066 Mon Sep 17 00:00:00 2001 From: samikshya-chand_data Date: Wed, 17 Sep 2025 00:38:34 +0530 Subject: [PATCH 08/10] Address comments --- .../databricks/sdk/core/DatabricksConfig.java | 18 +----------- .../sdk/core/DatabricksConfigTest.java | 29 ------------------- 2 files changed, 1 insertion(+), 46 deletions(-) diff --git a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/DatabricksConfig.java b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/DatabricksConfig.java index f86c0dbd9..2a6122e88 100644 --- a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/DatabricksConfig.java +++ b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/DatabricksConfig.java @@ -17,11 +17,8 @@ import java.time.Duration; import java.util.*; import org.apache.http.HttpMessage; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; public class DatabricksConfig { - private static final Logger LOG = LoggerFactory.getLogger(DatabricksConfig.class); private CredentialsProvider credentialsProvider = new DefaultCredentialsProvider(); @ConfigAttribute(env = "DATABRICKS_HOST") @@ -654,19 +651,7 @@ public OpenIDConnectEndpoints getOidcEndpoints() throws IOException { if (discoveryUrl == null) { return fetchDefaultOidcEndpoints(); } - try { - OpenIDConnectEndpoints oidcEndpoints = fetchOidcEndpointsFromDiscovery(); - if (oidcEndpoints != null) { - return oidcEndpoints; - } - } catch (Exception e) { - LOG.warn( - "Failed to fetch OIDC Endpoints using discovery URL: {}. Error: {}. \nDefaulting to fetch OIDC using default endpoint.", - discoveryUrl, - e.getMessage(), - e); - } - return fetchDefaultOidcEndpoints(); + return fetchOidcEndpointsFromDiscovery(); } private OpenIDConnectEndpoints fetchOidcEndpointsFromDiscovery() { @@ -756,7 +741,6 @@ public DatabricksEnvironment getDatabricksEnvironment() { } private DatabricksConfig clone(Set fieldsToSkip) { - fieldsToSkip.add("LOG"); DatabricksConfig newConfig = new DatabricksConfig(); for (Field f : DatabricksConfig.class.getDeclaredFields()) { if (fieldsToSkip.contains(f.getName())) { diff --git a/databricks-sdk-java/src/test/java/com/databricks/sdk/core/DatabricksConfigTest.java b/databricks-sdk-java/src/test/java/com/databricks/sdk/core/DatabricksConfigTest.java index 31dbead89..88a466a32 100644 --- a/databricks-sdk-java/src/test/java/com/databricks/sdk/core/DatabricksConfigTest.java +++ b/databricks-sdk-java/src/test/java/com/databricks/sdk/core/DatabricksConfigTest.java @@ -166,35 +166,6 @@ public void testDiscoveryEndpoint() throws IOException { } } - @Test - public void testDiscoveryEndpointFetchFallback() throws IOException { - String discoveryUrlSuffix = "/test.discovery.url"; - String OIDCResponse = - "{\n" - + " \"authorization_endpoint\": \"https://test.auth.endpoint/oidc/v1/authorize\",\n" - + " \"token_endpoint\": \"https://test.auth.endpoint/oidc/v1/token\"\n" - + "}"; - - try (FixtureServer server = - new FixtureServer() - .with("GET", discoveryUrlSuffix, "", 400) - .with("GET", "/oidc/.well-known/oauth-authorization-server", OIDCResponse, 200)) { - - String discoveryUrl = server.getUrl() + discoveryUrlSuffix; - - OpenIDConnectEndpoints oidcEndpoints = - new DatabricksConfig() - .setHost(server.getUrl()) - .setDiscoveryUrl(discoveryUrl) - .setHttpClient(new CommonsHttpClient.Builder().withTimeoutSeconds(30).build()) - .getOidcEndpoints(); - - assertEquals( - "https://test.auth.endpoint/oidc/v1/authorize", oidcEndpoints.getAuthorizationEndpoint()); - assertEquals("https://test.auth.endpoint/oidc/v1/token", oidcEndpoints.getTokenEndpoint()); - } - } - @Test public void testNewWithWorkspaceHost() { DatabricksConfig config = From d4d14cd6250ba85b5c2a419210f3b68eda753bbe Mon Sep 17 00:00:00 2001 From: samikshya-chand_data Date: Wed, 17 Sep 2025 00:58:57 +0530 Subject: [PATCH 09/10] fix fmt --- .../databricks/sdk/core/DatabricksConfig.java | 42 +++++++++---------- .../sdk/core/oauth/OAuthClient.java | 28 ++++++------- 2 files changed, 33 insertions(+), 37 deletions(-) diff --git a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/DatabricksConfig.java b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/DatabricksConfig.java index 2a6122e88..a017dbac0 100644 --- a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/DatabricksConfig.java +++ b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/DatabricksConfig.java @@ -239,7 +239,7 @@ public TokenSource getTokenSource() { return (TokenSource) headerFactory; } return new ErrorTokenSource( - String.format("OAuth Token not supported for current auth type %s", authType)); + String.format("OAuth Token not supported for current auth type %s", authType)); } public CredentialsProvider getCredentialsProvider() { @@ -431,17 +431,13 @@ public DatabricksConfig setAzureUseMsi(boolean azureUseMsi) { return this; } - /** - * @deprecated Use {@link #getAzureUseMsi()} instead. - */ + /** @deprecated Use {@link #getAzureUseMsi()} instead. */ @Deprecated() public boolean getAzureUseMSI() { return azureUseMsi; } - /** - * @deprecated Use {@link #getAzureUseMsi()} instead. - */ + /** @deprecated Use {@link #getAzureUseMsi()} instead. */ @Deprecated public DatabricksConfig setAzureUseMSI(boolean azureUseMsi) { this.azureUseMsi = azureUseMsi; @@ -688,10 +684,10 @@ private OpenIDConnectEndpoints fetchDefaultOidcEndpoints() throws IOException { } ApiClient apiClient = - new ApiClient.Builder() - .withHttpClient(getHttpClient()) - .withGetHostFunc(v -> getHost()) - .build(); + new ApiClient.Builder() + .withHttpClient(getHttpClient()) + .withGetHostFunc(v -> getHost()) + .build(); try { return apiClient.execute( new Request("GET", "/oidc/.well-known/oauth-authorization-server"), @@ -761,18 +757,18 @@ public DatabricksConfig clone() { public DatabricksConfig newWithWorkspaceHost(String host) { Set fieldsToSkip = - new HashSet<>( - Arrays.asList( - // The config for WorkspaceClient has a different host and Azure Workspace resource - // ID, and also omits - // the account ID. - "host", - "accountId", - "azureWorkspaceResourceId", - // For cloud-native OAuth, we need to reauthenticate as the audience has changed, so - // don't cache the - // header factory. - "headerFactory")); + new HashSet<>( + Arrays.asList( + // The config for WorkspaceClient has a different host and Azure Workspace resource + // ID, and also omits + // the account ID. + "host", + "accountId", + "azureWorkspaceResourceId", + // For cloud-native OAuth, we need to reauthenticate as the audience has changed, so + // don't cache the + // header factory. + "headerFactory")); return clone(fieldsToSkip).setHost(host); } diff --git a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/OAuthClient.java b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/OAuthClient.java index 9f9669c74..38c61b6ac 100644 --- a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/OAuthClient.java +++ b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/OAuthClient.java @@ -119,7 +119,7 @@ private OAuthClient(Builder b) throws IOException { this.hc = b.hc; DatabricksConfig config = - new DatabricksConfig().setHost(b.host).setAccountId(b.accountId).resolve(); + new DatabricksConfig().setHost(b.host).setAccountId(b.accountId).resolve(); openIDConnectEndpoints = b.openIDConnectEndpoints; if (openIDConnectEndpoints == null) { throw new DatabricksException(b.host + " does not support OAuth"); @@ -190,9 +190,9 @@ private static byte[] sha256(byte[] input) { private static String urlEncode(String urlBase, Map params) { String queryParams = - params.entrySet().stream() - .map(entry -> entry.getKey() + "=" + entry.getValue()) - .collect(Collectors.joining("&")); + params.entrySet().stream() + .map(entry -> entry.getKey() + "=" + entry.getValue()) + .collect(Collectors.joining("&")); return urlBase + "?" + queryParams.replaceAll(" ", "%20"); } @@ -214,15 +214,15 @@ public Consent initiateConsent() throws MalformedURLException { String url = urlEncode(authUrl, params); return new Consent.Builder() - .withClientId(clientId) - .withClientSecret(clientSecret) - .withAuthUrl(url) - .withTokenUrl(tokenUrl) - .withRedirectUrl(redirectUrl) - .withState(state) - .withVerifier(verifier) - .withHttpClient(hc) - .withBrowserTimeout(browserTimeout) - .build(); + .withClientId(clientId) + .withClientSecret(clientSecret) + .withAuthUrl(url) + .withTokenUrl(tokenUrl) + .withRedirectUrl(redirectUrl) + .withState(state) + .withVerifier(verifier) + .withHttpClient(hc) + .withBrowserTimeout(browserTimeout) + .build(); } } From c0f3eb8f1c0878af3aa3a563433494c9a10325e3 Mon Sep 17 00:00:00 2001 From: samikshya-chand_data Date: Wed, 17 Sep 2025 01:12:59 +0530 Subject: [PATCH 10/10] fmt --- .../main/java/com/databricks/sdk/core/DatabricksConfig.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/DatabricksConfig.java b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/DatabricksConfig.java index a017dbac0..074e97974 100644 --- a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/DatabricksConfig.java +++ b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/DatabricksConfig.java @@ -676,7 +676,7 @@ private OpenIDConnectEndpoints fetchDefaultOidcEndpoints() throws IOException { return null; } return new OpenIDConnectEndpoints( - realAuthUrl.replaceAll("/authorize", "/token"), realAuthUrl); + realAuthUrl.replaceAll("/authorize", "/token"), realAuthUrl); } if (isAccountClient() && getAccountId() != null) { String prefix = getHost() + "/oidc/accounts/" + getAccountId(); @@ -690,8 +690,8 @@ private OpenIDConnectEndpoints fetchDefaultOidcEndpoints() throws IOException { .build(); try { return apiClient.execute( - new Request("GET", "/oidc/.well-known/oauth-authorization-server"), - OpenIDConnectEndpoints.class); + new Request("GET", "/oidc/.well-known/oauth-authorization-server"), + OpenIDConnectEndpoints.class); } catch (IOException e) { throw new DatabricksException("IO error: " + e.getMessage(), e); }