steve/databricks-cli
steve
/
databricks-cli
mirror of https://github.com/databricks/cli.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
databricks-cli/cmd/auth
History
Ilia Babanov 338fe1fe62
Don't attempt auth in `auth profiles --skip-validate` (#1282) 
This makes the command almost instant, no matter how many profiles cfg
file has. One downside is that we don't set AuthType for profiles that
don't have it defined.

We can technically infer AuthType based on ConfigAttributes tags, but
their names are different from the names of actual auth providers (and
some tags cover multiple providers at the same time).
 		2024-04-05 10:19:54 +00:00
..
README.md Rename bricks -> databricks (#389) 2023-05-16 18:35:39 +02:00
auth.go Added `auth describe` command (#1244) 2024-04-03 08:14:04 +00:00
describe.go Fixed message for successful auth describe run (#1336) 2024-04-03 15:47:45 +00:00
describe_test.go Added `auth describe` command (#1244) 2024-04-03 08:14:04 +00:00
env.go Added `env.UserHomeDir(ctx)` for parallel-friendly tests (#955) 2023-11-08 14:50:20 +00:00
login.go Ask for host when .databrickscfg doesn't exist (#1041) 2023-12-04 15:40:52 +00:00
login_test.go Tolerate missing .databrickscfg file during `databricks auth login` (#1003) 2023-11-23 09:04:54 +00:00
profiles.go Don't attempt auth in `auth profiles --skip-validate` (#1282) 2024-04-05 10:19:54 +00:00
profiles_test.go Don't attempt auth in `auth profiles --skip-validate` (#1282) 2024-04-05 10:19:54 +00:00
token.go Use profile information when getting a token using the CLI (#855) 2023-10-11 11:12:18 +00:00

README.md

Auth challenge (happy path)

Simplified description of PKCE implementation:

sequenceDiagram
    autonumber
    actor User

    User ->> CLI: type `databricks auth login HOST`
    CLI ->>+ HOST: request OIDC endpoints
    HOST ->>- CLI: auth & token endpoints
    CLI ->> CLI: start embedded server to consume redirects (lock)
    CLI -->>+ Auth Endpoint: open browser with RND1 + SHA256(RND2)

    User ->>+ Auth Endpoint: Go through SSO
    Auth Endpoint ->>- CLI: AUTH CODE + 'RND1 (redirect)

    CLI ->>+ Token Endpoint: Exchange: AUTH CODE + RND2
    Token Endpoint ->>- CLI: Access Token (JWT) + refresh + expiry
    CLI ->> Token cache: Save Access Token (JWT) + refresh + expiry
    CLI ->> User: success

Token refresh (happy path)

sequenceDiagram
    autonumber
    actor User

    User ->> CLI: type `databricks token HOST`

    CLI ->> CLI: acquire lock (same local addr as redirect server)
    CLI ->>+ Token cache: read token

    critical token not expired
    Token cache ->>- User: JWT (without refresh)

    option token is expired
    CLI ->>+ HOST: request OIDC endpoints
    HOST ->>- CLI: auth & token endpoints
    CLI ->>+ Token Endpoint: refresh token
    Token Endpoint ->>- CLI: JWT (refreshed)
    CLI ->> Token cache: save JWT (refreshed)
    CLI ->> User: JWT (refreshed)

    option no auth for host
    CLI -X User: no auth configured
    end