rusackas commented on code in PR #41421:
URL: https://github.com/apache/superset/pull/41421#discussion_r3484710845
##########
superset/db_engine_specs/databricks.py:
##########
@@ -277,6 +283,105 @@ class
DatabricksDynamicBaseEngineSpec(BasicParametersMixin, DatabricksBaseEngine
"port": "port",
}
+ # OAuth2 endpoints for different cloud providers
+ _oauth2_endpoints = {
+ "aws": {
+ "authorization_request_uri":
"https://accounts.cloud.databricks.com/oidc/accounts/{}/v1/authorize";,
+ "token_request_uri":
"https://accounts.cloud.databricks.com/oidc/accounts/{}/v1/token";,
+ },
+ "azure": {
+ "authorization_request_uri":
"https://login.microsoftonline.com/{}/oauth2/v2.0/authorize";,
+ "token_request_uri":
"https://login.microsoftonline.com/{}/oauth2/v2.0/token";,
+ },
Review Comment:
Good question, and they weren't, honestly. That was pointing at Entra
directly, which is a different flow than Databricks-hosted U2M. Databricks
fronts OAuth itself at `https://<host>/oidc/v1/authorize` on all three clouds,
so `330e628d` rips out the per-cloud templates (and the
`account_id`/`tenant_id` juggling) and just derives the authorize endpoint from
the workspace host. The token endpoint still has to be set explicitly since
there's no DB context at exchange time, but it's the same `/oidc/v1/token` path
now. Thanks for catching it!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
