databricks-cli/cmd/auth
shreyas-goenka b71f853649
Do not prefill https:// in prompt for Databricks Host (#1364)
## Changes
This PR is a minor UX improvement. By not autofilling the https://
prefix in Databricks Host we allow users to directly copy-paste from
their browser.

UX:
```
➜  cli git:(fix/copy-host) cli auth login
Databricks Profile Name: my-profile
Databricks Host (e.g. https://<databricks-instance>.cloud.databricks.com): https://foobar.cloud.databricks.com
Profile my-profile was successfully saved
```

## Tests
Manually.
2024-04-15 17:31:00 +00:00
| File | Last commit | Date |
| --- | --- | --- |
| README.md | Rename bricks -> databricks (#389) | 2023-05-16 18:35:39 +02:00 |
| auth.go | Do not prefill https:// in prompt for Databricks Host (#1364) | 2024-04-15 17:31:00 +00:00 |
| describe.go | Fixed typo in error template for auth describe (#1341) | 2024-04-08 11:19:13 +00:00 |
| describe_test.go | Added `auth describe` command (#1244) | 2024-04-03 08:14:04 +00:00 |
| env.go | Added `env.UserHomeDir(ctx)` for parallel-friendly tests (#955) | 2023-11-08 14:50:20 +00:00 |
| login.go | Ask for host when .databrickscfg doesn't exist (#1041) | 2023-12-04 15:40:52 +00:00 |
| login_test.go | Tolerate missing .databrickscfg file during `databricks auth login` (#1003) | 2023-11-23 09:04:54 +00:00 |
| profiles.go | Don't attempt auth in `auth profiles --skip-validate` (#1282) | 2024-04-05 10:19:54 +00:00 |
| profiles_test.go | Don't attempt auth in `auth profiles --skip-validate` (#1282) | 2024-04-05 10:19:54 +00:00 |
| token.go | Use profile information when getting a token using the CLI (#855) | 2023-10-11 11:12:18 +00:00 |

README.md

## Auth challenge (happy path)

Simplified description of PKCE implementation:

```mermaid
sequenceDiagram
    autonumber
    actor User

    User ->> CLI: type `databricks auth login HOST`
    CLI ->>+ HOST: request OIDC endpoints
    HOST ->>- CLI: auth & token endpoints
    CLI ->> CLI: start embedded server to consume redirects (lock)
    CLI -->>+ Auth Endpoint: open browser with RND1 + SHA256(RND2)

    User ->>+ Auth Endpoint: Go through SSO
    Auth Endpoint ->>- CLI: AUTH CODE + 'RND1 (redirect)

    CLI ->>+ Token Endpoint: Exchange: AUTH CODE + RND2
    Token Endpoint ->>- CLI: Access Token (JWT) + refresh + expiry
    CLI ->> Token cache: Save Access Token (JWT) + refresh + expiry
    CLI ->> User: success
```
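
The browser step and the redirect check from the challenge above, as an added Go example that is not the CLI's own code. It assumes RND1 is the OAuth `state` parameter and RND2 is the PKCE code verifier (RFC 7636, method S256); the endpoint, client id and redirect URI are constructed placeholders.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/url"
)

// randomToken returns n random bytes, base64url-encoded without padding.
func randomToken(n int) string {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // fail closed: never continue with weak randomness
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// challengeS256 derives the code_challenge: BASE64URL(SHA256(verifier)), no padding.
func challengeS256(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// authorizeURL builds the browser URL: RND1 goes in clear, RND2 only as its hash.
func authorizeURL(authEndpoint, clientID, redirectURI, state, verifier string) string {
	q := url.Values{}
	q.Set("response_type", "code")
	q.Set("client_id", clientID)
	q.Set("redirect_uri", redirectURI)
	q.Set("state", state)
	q.Set("code_challenge", challengeS256(verifier))
	q.Set("code_challenge_method", "S256")
	return authEndpoint + "?" + q.Encode()
}

// stateMatches compares the state echoed on the redirect with RND1 in constant time.
func stateMatches(expected, got string) bool {
	return subtle.ConstantTimeCompare([]byte(expected), []byte(got)) == 1
}

func main() {
	state, verifier := randomToken(16), randomToken(32) // RND1, RND2
	// Constructed endpoint, client id and redirect URI (assumptions).
	fmt.Println(authorizeURL("https://example.invalid/authorize", "example-client", "http://localhost:8020", state, verifier))
}
```

The verifier itself is sent only in the later token exchange, so a party that observes the browser URL or intercepts the auth code cannot redeem it.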

## Token refresh (happy path)

```mermaid
sequenceDiagram
    autonumber
    actor User

    User ->> CLI: type `databricks token HOST`

    CLI ->> CLI: acquire lock (same local addr as redirect server)
    CLI ->>+ Token cache: read token

    critical token not expired
    Token cache ->>- User: JWT (without refresh)

    option token is expired
    CLI ->>+ HOST: request OIDC endpoints
    HOST ->>- CLI: auth & token endpoints
    CLI ->>+ Token Endpoint: refresh token
    Token Endpoint ->>- CLI: JWT (refreshed)
    CLI ->> Token cache: save JWT (refreshed)
    CLI ->> User: JWT (refreshed)

    option no auth for host
    CLI -X User: no auth configured
    end
```