steve/databricks-cli
steve
/
databricks-cli
mirror of https://github.com/databricks/cli.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
databricks-cli/cmd/auth
History
shreyas-goenka c19c8bbbf7
Add library to store cmd-exec-id in context (#2439) 
## Why
The command execution ID is a UUID that should be initialized once, and
then have a consistent read value for the duration of the command.

As we start emitting telemetry events, we also want to emit the command
execution ID in the telemetry payload. This library helps consolidate
all reads to the `cmd-exec-id` value, and ensures there's only one write
for the UUID.

relevant comment:
https://github.com/databricks/cli/pull/2432#discussion_r1982884235

## Tests
Unit tests.
 		2025-03-10 13:11:24 +00:00
..
testdata Fix host resolution order in `auth login` (#1370) 2024-08-14 13:01:00 +00:00
README.md Rename bricks -> databricks (#389) 2023-05-16 18:35:39 +02:00
auth.go Enable perfsprint linter and apply autofix (#2071) 2025-01-07 10:49:23 +00:00
describe.go Move `WorkspaceClient` to `libs/command` (#2444) 2025-03-07 16:47:19 +00:00
describe_test.go Move `WorkspaceClient` to `libs/command` (#2444) 2025-03-07 16:47:19 +00:00
env.go Enable perfsprint linter and apply autofix (#2071) 2025-01-07 10:49:23 +00:00
login.go Enable perfsprint linter and apply autofix (#2071) 2025-01-07 10:49:23 +00:00
login_test.go Fix host resolution order in `auth login` (#1370) 2024-08-14 13:01:00 +00:00
profiles.go Update error checks that use the `os` package to use `errors.Is` (#1461) 2024-06-03 12:39:36 +00:00
profiles_test.go Pass `DATABRICKS_CONFIG_FILE` env var to sdk config during `auth profiles` (#1394) 2024-04-24 09:18:13 +00:00
token.go Add doc string for the `auth token` command (#2302) 2025-02-07 11:51:37 +00:00
token_test.go Add library to store cmd-exec-id in context (#2439) 2025-03-10 13:11:24 +00:00

README.md

Auth challenge (happy path)

Simplified description of PKCE implementation:

sequenceDiagram
    autonumber
    actor User

    User ->> CLI: type `databricks auth login HOST`
    CLI ->>+ HOST: request OIDC endpoints
    HOST ->>- CLI: auth & token endpoints
    CLI ->> CLI: start embedded server to consume redirects (lock)
    CLI -->>+ Auth Endpoint: open browser with RND1 + SHA256(RND2)

    User ->>+ Auth Endpoint: Go through SSO
    Auth Endpoint ->>- CLI: AUTH CODE + 'RND1 (redirect)

    CLI ->>+ Token Endpoint: Exchange: AUTH CODE + RND2
    Token Endpoint ->>- CLI: Access Token (JWT) + refresh + expiry
    CLI ->> Token cache: Save Access Token (JWT) + refresh + expiry
    CLI ->> User: success

Token refresh (happy path)

sequenceDiagram
    autonumber
    actor User

    User ->> CLI: type `databricks token HOST`

    CLI ->> CLI: acquire lock (same local addr as redirect server)
    CLI ->>+ Token cache: read token

    critical token not expired
    Token cache ->>- User: JWT (without refresh)

    option token is expired
    CLI ->>+ HOST: request OIDC endpoints
    HOST ->>- CLI: auth & token endpoints
    CLI ->>+ Token Endpoint: refresh token
    Token Endpoint ->>- CLI: JWT (refreshed)
    CLI ->> Token cache: save JWT (refreshed)
    CLI ->> User: JWT (refreshed)

    option no auth for host
    CLI -X User: no auth configured
    end