Configure OAuth Using Databricks Built-In OAuth Service

Applies to: Alation Cloud Service and customer-managed instances of Alation

Databricks on AWS supports internal OAuth.

With internal Databricks OAuth, also known as app-connections, Compose connects to Databricks and then redirects to your configured IdP. You can use any IdP for internal OAuth.

To configure OAuth for Compose, perform these steps:

Enable a Custom OAuth Application in Databricks

Important

Ensure that you have Databricks admin privileges.

To enable a custom OAuth application in the Databricks UI, follow the steps in Enable Custom OAuth Applications Using the Databricks UI.

After you have completed all the steps, gather the following information:

  • Client ID

  • Client Secret

  • SQL Warehouse JDBC URI (Go to Workspace > SQL Warehouses > <your preferred warehouse> > Connection Details > JDBC URL (2.6.5 or later))

Configure OAuth for Compose in Alation

  1. In Alation, open the Settings page of your data source.

  2. Go to the Compose tab.

  3. Under Compose Connections, modify the default connection or create a new one. To enable OAuth, add the parameters AuthMech=11;Auth_Flow=0 to the connection URI.

    Use the following URL format for the connection:

    databricks://<workspace>.cloud.databricks.com:443/default;transportMode=http;ssl=1;httpPath=/sql/1.0/warehouses/<warehouse-id>;AuthMech=11;Auth_Flow=0;

  4. Under the OAuth Connection section, select the checkbox Enable OAuth 2.0 in Compose. This reveals several parameters for the OAuth setup.

  5. Enter the values into the fields and click Save.

    Fields and values:

    • Client ID: Provide the client ID.

    • Client Secret: Provide the client secret value.

    • Request Refresh Token: Select the Request Refresh Token checkbox to enable requests for refresh tokens.

    • Enable PKCE: Leave as is (unselected). This setting does not apply to this data source type.

    • Authorization Endpoint: Provide the authorization endpoint. Use the following format: https://<workspace>.cloud.databricks.com/oidc/v1/authorize

    • Token Endpoints: Provide the token endpoint. Use the following format: https://<workspace>.cloud.databricks.com/oidc/v1/token

    • Default Scope: Use the value sql

    • Refresh Scope: Use the value offline_access

    • Username Field/Claim: Use the value sub.

    • JWT: Select this checkbox (required).

    • Access Token Parameter name: Use the value Auth_AccessToken.

    • OAuth Enablers: Provide the value AuthMech=11&Auth_Flow=0. Make sure there is an ampersand symbol between the parameters.
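A pre-flight check for the values entered in the steps above, as an added example (not Alation or Databricks code): it verifies that the connection URI, both endpoints and the OAuth Enablers string follow the formats on this page and that the endpoints use HTTPS on the same workspace host as the URI. The function names, the workspace `dbc-example` and the warehouse ID `abc123` are constructed for illustration.

```python
from urllib.parse import urlsplit

# Expected values come from the URL format and field list on this page.
REQUIRED_URI_PARAMS = {"transportMode": "http", "ssl": "1", "AuthMech": "11", "Auth_Flow": "0"}

def parse_compose_uri(uri):
    """Split databricks://host:port/db;k=v;... into (host, port, params)."""
    if not uri.startswith("databricks://"):
        raise ValueError("URI must start with databricks://")
    authority_db, _, tail = uri[len("databricks://"):].partition(";")
    host, _, port = authority_db.split("/", 1)[0].partition(":")
    params = dict(p.split("=", 1) for p in tail.split(";") if "=" in p)
    return host, port, params

def check_config(uri, authorize_url, token_url, enablers):
    """Return a list of problems; an empty list means the values match the page."""
    problems = []
    host, port, params = parse_compose_uri(uri)
    if port != "443":
        problems.append("port is not 443")
    for key, want in REQUIRED_URI_PARAMS.items():
        if params.get(key) != want:
            problems.append(f"URI parameter {key} should be {want}")
    if not params.get("httpPath", "").startswith("/sql/1.0/warehouses/"):
        problems.append("httpPath does not point at a SQL warehouse")
    for label, url, path in (("authorization", authorize_url, "/oidc/v1/authorize"),
                             ("token", token_url, "/oidc/v1/token")):
        if any(c.isspace() for c in url):
            problems.append(f"{label} endpoint contains whitespace")
            continue
        parts = urlsplit(url)
        # The client secret is sent to the token endpoint, so host and scheme must match.
        if parts.scheme != "https" or parts.hostname != host.lower() or parts.path != path:
            problems.append(f"{label} endpoint should be https://{host}{path}")
    if enablers != "AuthMech=11&Auth_Flow=0":
        problems.append("OAuth Enablers must be AuthMech=11&Auth_Flow=0 (ampersand-separated)")
    return problems

# Constructed sample values (not a real workspace or warehouse).
HOST = "dbc-example.cloud.databricks.com"
GOOD_URI = (f"databricks://{HOST}:443/default;transportMode=http;ssl=1;"
            "httpPath=/sql/1.0/warehouses/abc123;AuthMech=11;Auth_Flow=0;")

if __name__ == "__main__":
    print(check_config(GOOD_URI, f"https://{HOST}/oidc/v1/authorize",
                       f"https://{HOST} /oidc/v1/token", "AuthMech=11;Auth_Flow=0"))
```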

Connect in Compose

After you have completed the configuration, Compose users should be able to connect to Databricks using OAuth-enabled connections and run queries.

To connect to the database in Compose:

  1. Click Connection Settings to open the connection settings dialog.

  2. In the Connection Settings dialog that opens, select the OAuth-enabled connection.

  3. From the Connect as (Select User) list, select your user or click Add New (SSO login).

  4. The Databricks login page opens in a new tab. Authenticate with your Databricks credentials.