Creating a Custom OAuth Application

Databricks supports the OAuth 2.0 standard, which allows users to authenticate through a secure browser-based login. The driver facilitates this OAuth exchange to obtain and refresh access tokens on the user's behalf using the OAuthU2M (User-to-Machine) flow.

By default, the driver uses a built-in OAuth application for this flow. However, in cases where you need to define a custom redirect URL or manage access scopes, you can register your own OAuth application in Databricks. This provides more flexibility and ensures compatibility with environments where the default configuration is not sufficient.

To obtain the OAuth client credentials, such as the client ID and redirect URL, follow these steps to create a custom OAuth application in the Databricks Account Console:

1. Log in to the Databricks Account Console.
2. Click the Settings icon in the sidebar and select the App connections tab.
3. Click Add connection.
4. Enter an application name to be displayed to users when they log in to grant permissions to your custom OAuth application.
5. Enter one or more Redirect URLs for the application. If you are making a desktop application, set the Redirect URL to http://localhost:33333 or another available port. If you are making a web application, set the Redirect URL to a page on your site that handles the redirect after authorization.
6. Under Access scopes, include the required scopes:
   • openid, email, profile: Required to generate the ID token
   • offline_access: Required to generate refresh tokens
   • sql: Required for access to Databricks SQL APIs
   • all-apis: Optional, for full API access beyond SQL
7. Set the access token and refresh token TTL values, or leave them at the defaults.
8. If prompted, choose whether to generate a client secret.
9. Click Create to register the application. The system displays your application's OAuth credentials, including the client ID, and if selected, the client secret.
10. Record these settings for future reference. If a client secret was generated, make sure to store it securely as it cannot be retrieved later.

Once you've registered your application, use the client ID and redirect URI in your connection string. For instructions on using these credentials in your connection string, see Establishing a Connection.

To learn more about managing OAuth applications in Databricks, refer to the Databricks documentation.