mirror of https://github.com/databricks/cli.git
1c02224902
## Changes * Currently, we use `auth profiles` command with `DATABRICKS_CONFIG_FILE` env var set, the file pointed to by the env var is ONLY used for loading the profile names (ini file sections). It is not passed to go sdk config object. We also don't use env variable loader in the go sdk config object, so this env var is ignored by the config and only default file is read. * This PR explicitly sets the config file path in the go sdk config object. ## Tests * integration tests in vscode |
||
|---|---|---|
| .. | ||
| README.md | ||
| auth.go | ||
| describe.go | ||
| describe_test.go | ||
| env.go | ||
| login.go | ||
| login_test.go | ||
| profiles.go | ||
| profiles_test.go | ||
| token.go | ||
README.md
Auth challenge (happy path)
Simplified description of PKCE implementation:
sequenceDiagram
autonumber
actor User
User ->> CLI: type `databricks auth login HOST`
CLI ->>+ HOST: request OIDC endpoints
HOST ->>- CLI: auth & token endpoints
CLI ->> CLI: start embedded server to consume redirects (lock)
CLI -->>+ Auth Endpoint: open browser with RND1 + SHA256(RND2)
User ->>+ Auth Endpoint: Go through SSO
Auth Endpoint ->>- CLI: AUTH CODE + 'RND1 (redirect)
CLI ->>+ Token Endpoint: Exchange: AUTH CODE + RND2
Token Endpoint ->>- CLI: Access Token (JWT) + refresh + expiry
CLI ->> Token cache: Save Access Token (JWT) + refresh + expiry
CLI ->> User: success
Token refresh (happy path)
sequenceDiagram
autonumber
actor User
User ->> CLI: type `databricks token HOST`
CLI ->> CLI: acquire lock (same local addr as redirect server)
CLI ->>+ Token cache: read token
critical token not expired
Token cache ->>- User: JWT (without refresh)
option token is expired
CLI ->>+ HOST: request OIDC endpoints
HOST ->>- CLI: auth & token endpoints
CLI ->>+ Token Endpoint: refresh token
Token Endpoint ->>- CLI: JWT (refreshed)
CLI ->> Token cache: save JWT (refreshed)
CLI ->> User: JWT (refreshed)
option no auth for host
CLI -X User: no auth configured
end