mirror of
https://github.com/apache/superset.git
synced 2026-07-11 17:25:31 +00:00
docs(databricks): clarify token endpoint is not auto-detected
The authorization endpoint auto-resolves from the hostname, but the token exchange has no database context, so token_request_uri must be supplied for the auto-detected flow. Docs implied both endpoints auto-detect. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
@@ -542,16 +542,19 @@ DATABASE_OAUTH2_CLIENTS = {
|
||||
"id": "your-databricks-client-id",
|
||||
"secret": "your-databricks-client-secret",
|
||||
"scope": "sql",
|
||||
# OAuth2 endpoints are auto-detected based on hostname, but can be overridden:
|
||||
# The authorization endpoint is auto-detected from the hostname; the
|
||||
# token endpoint must be set explicitly (no DB context at exchange):
|
||||
# AWS: "authorization_request_uri": "https://accounts.cloud.databricks.com/oidc/accounts/{account_id}/v1/authorize",
|
||||
# Azure: "authorization_request_uri": "https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize",
|
||||
# GCP: "authorization_request_uri": "https://accounts.gcp.databricks.com/oidc/accounts/{account_id}/v1/authorize",
|
||||
# "token_request_uri": "https://<provider-token-endpoint>",
|
||||
},
|
||||
"Databricks": {
|
||||
"id": "your-databricks-client-id",
|
||||
"secret": "your-databricks-client-secret",
|
||||
"scope": "sql",
|
||||
# OAuth2 endpoints are auto-detected based on hostname
|
||||
# Authorization endpoint auto-detected from hostname; set
|
||||
# "token_request_uri" explicitly for the token exchange.
|
||||
},
|
||||
}
|
||||
|
||||
@@ -595,11 +598,14 @@ For AWS and GCP, supply `account_id` instead:
|
||||
}
|
||||
```
|
||||
|
||||
Valid cloud provider values are: `aws`, `azure`, `gcp`. When the OAuth2 endpoints
|
||||
are auto-detected, Superset substitutes this identifier into the provider's
|
||||
endpoint template. If you instead supply fully-resolved `authorization_request_uri`
|
||||
and `token_request_uri` values in `DATABASE_OAUTH2_CLIENTS`, those take precedence
|
||||
and no `account_id`/`tenant_id` is required.
|
||||
Valid cloud provider values are: `aws`, `azure`, `gcp`. The **authorization**
|
||||
endpoint is auto-detected: Superset substitutes this identifier into the
|
||||
provider's authorization template. The **token** endpoint is not auto-resolved
|
||||
(token exchange has no database context to detect the provider), so for the
|
||||
auto-detected flow you must still supply a fully-resolved `token_request_uri`
|
||||
in `DATABASE_OAUTH2_CLIENTS`. If you supply fully-resolved
|
||||
`authorization_request_uri` and `token_request_uri` values, those take
|
||||
precedence and no `account_id`/`tenant_id` is required.
|
||||
|
||||
###### Usage
|
||||
|
||||
|
||||
Reference in New Issue
Block a user