Skip to content

[PECOBLR-15] Respect OAuth Discovery URL for ExternalBrowserCredentialsStrategy #505

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 13 commits into from
Sep 17, 2025
Merged

[PECOBLR-15] Respect OAuth Discovery URL for ExternalBrowserCredentialsStrategy #505

merged 13 commits into from
Sep 17, 2025

Conversation

@samikshya-db
Copy link
Contributor

@samikshya-db samikshya-db commented Aug 26, 2025
edited
Loading

What changes are proposed in this pull request?

  • WHAT : Discovery URL is currently being honored only in the M2M flow. This PR makes changes to honor it for U2M and other flows as well. Discovery URL was added by me last year in SDK for M2M flow Link
  • I have also added a fallback to defaultOIDC flow to make this backward compatible too. skipped the fallback in this PR, will raise in a followup if I get approval from the SDK team
  • WHY : A major customer ask is to extend discovery URL for U2M flow as well.

How is this tested?

Tested that discovery URL is being honored in U2M as well. Tested this using the OSS JDBC with the following URL

  1. Success flow test :
String jdbcUrl =
        "jdbc:databricks://e2-dogfood.staging.cloud.databricks.com:443/default;transportMode=http;ssl=1;httpPath=/sql/1.0/warehouses/dd43ee29fedd958d;"
            + "AuthMech=11;Auth_Flow=2;LogLevel=6;UseThriftClient=0;EnableTokenCache=0;OIDCDiscoveryEndpoint=https://e2-dogfood.staging.cloud.databricks.com/oidc/.well-known/oauth-authorization-server";
  1. Failure flow test :
String jdbcUrl =
        "jdbc:databricks://e2-dogfood.staging.cloud.databricks.com:443/default;transportMode=http;ssl=1;httpPath=/sql/1.0/warehouses/dd43ee29fedd958d;"
            + "AuthMech=11;Auth_Flow=2;LogLevel=6;UseThriftClient=0;EnableTokenCache=0;OIDCDiscoveryEndpoint=https://google.com";

@samikshya-db samikshya-db marked this pull request as ready for review August 30, 2025 08:05
@samikshya-db samikshya-db changed the title Honor discovery url for flows other than M2M [PECOBLR-15] Honor discovery url for flows other than M2M Aug 30, 2025
@mgyucht mgyucht changed the title [PECOBLR-15] Honor discovery url for flows other than M2M [PECOBLR-15] Respect OAuth Discovery URL for ExternalBrowserCredentialsStrategy Sep 16, 2025
mgyucht
mgyucht reviewed Sep 16, 2025
View reviewed changes
Copy link
Contributor

@mgyucht mgyucht left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For this PR, can we split out the fallback-to-default behavior to a separate discussion? Otherwise, the changes to the ExternalBrowserCredentialsStrategy and OAuthClient seem good to me.

@github-actions
Copy link

github-actions bot commented Sep 16, 2025

If integration tests don't run automatically, an authorized user can run them manually by following the instructions below:

Trigger:
go/deco-tests-run/sdk-java

Inputs:

  • PR number: 505
  • Commit SHA: a67b02a38ea76b0584dc36798071506f6db9708f

Checks will be approved automatically on success.

mgyucht
mgyucht approved these changes Sep 17, 2025
View reviewed changes
Copy link
Contributor

@mgyucht mgyucht left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@mgyucht mgyucht added this pull request to the merge queue Sep 17, 2025
Merged via the queue into databricks:main with commit a233879 Sep 17, 2025
15 checks passed
@samikshya-db samikshya-db mentioned this pull request Sep 17, 2025
Merged
samikshya-db added a commit to databricks/databricks-jdbc that referenced this pull request Sep 18, 2025
@samikshya-db
Upgrade SDK - to support discovery url on U2M (AWS and GCP flows) (#1011
c0e788f 
)

## Description
- This is to support Discovery URL for U2M AWS and GCP in OSS JDBC
databricks/databricks-sdk-java#505 (Note azure
is not supported as it has a different flow in OSS JDBC)

## Testing
Tested that discovery URL is being honored in U2M as well. Tested this
using the OSS JDBC with the following URL
1. Success flow test : 
```
String jdbcUrl =
        "jdbc:databricks://e2-dogfood.staging.cloud.databricks.com:443/default;transportMode=http;ssl=1;httpPath=/sql/1.0/warehouses/dd43ee29fedd958d;"
            + "AuthMech=11;Auth_Flow=2;LogLevel=6;UseThriftClient=0;EnableTokenCache=0;OIDCDiscoveryEndpoint=https://e2-dogfood.staging.cloud.databricks.com/oidc/.well-known/oauth-authorization-server";
```
2. Failure flow test : 
```
String jdbcUrl =
        "jdbc:databricks://e2-dogfood.staging.cloud.databricks.com:443/default;transportMode=http;ssl=1;httpPath=/sql/1.0/warehouses/dd43ee29fedd958d;"
            + "AuthMech=11;Auth_Flow=2;LogLevel=6;UseThriftClient=0;EnableTokenCache=0;OIDCDiscoveryEndpoint=https://google.com";
```

Also tested using GCP : 

```
"jdbc:databricks://6177827686947384.4.gcp.databricks.com:443/default;transportMode=http;ssl=1;EnableTokenCache=0;AuthMech=11;Auth_Flow=2;httpPath=/sql/1.0/warehouses/f5e97c8f8dfb56b5;OIDCDiscoveryEndpoint=https://6177827686947384.4.gcp.databricks.com/oidc/.well-known/oauth-authorization-server";
   
```
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@mgyucht mgyucht mgyucht approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@samikshya-db @mgyucht