Databricks

Databricks supports various authentication methods, as outlined in its documentation. We recommend using OAuth 2.0 for users (OAuth U2M). A general introduction to OAuth 2.0 can be found here.

Creating an OAuth 2.0 integration (admin)

First, an OAuth 2.0 integration needs to be set up by one of the VIKTOR admins. This needs to be done both in Databricks and in VIKTOR.

  1. Navigate to the "Integrations" tab in the Administrator panel
  2. Select the OAuth 2.0 integrations tab
  3. Click "Add OAuth 2.0 integration"
  4. Follow the steps provided in the modal
    1. Select "Databricks"
    2. Fill in the basic information of the integration, including the app that the integration should be available to
    3. Fill in the credentials needed to establish a connection. These credentials can be found in your Databricks app.

  1. To gather the OAuth 2.0 integration information, go to the Databricks account console of your organization and open the Settings. The account console is https://accounts.cloud.databricks.com/ if the Databricks setup does not live on Azure.
  2. Go to the App Connections tab and add a new connection.
    1. Fill in the basic connection information.
    2. Add <your-viktor-environment-url>/api/integrations/oauth2/callback/ to the allowed redirect URLs.
    3. Select the scope for your integration and make sure to enable the option to generate a client secret.

Security Best Practices
  • Use the minimum scope your application(s) need to function when creating the integration on VIKTOR. This limits the impact if the integrated software is misused.
  • Use a short Time-to-Live for your access tokens when configuring the OAuth 2.0 application on the integration provider.

  1. When the integration is created, copy the Client ID and Client Secret and fill them into the modal in VIKTOR. You will not be able to retrieve these credentials again.
  2. If you intend to use the Accounts API, set the URLs as follows:
    • Authentication URL: <Your Account Console Url>/oidc/accounts/<account-id>/v1/authorize, which typically looks like https://accounts.cloud.databricks.com/oidc/accounts/00000000-abcd-efgh-ijkl-000000000000/v1/authorize
    • Token URL: <Your Account Console Url>/oidc/accounts/<account-id>/v1/token, which typically looks like https://accounts.cloud.databricks.com/oidc/accounts/00000000-abcd-efgh-ijkl-000000000000/v1/token
    • You can find your account ID in the profile section of your account console.

  1. If you intend to use the Workspace API, set the URLs as follows:
    • Authentication URL: <Your Databricks Workspace Instance URL>/oidc/v1/authorize, which typically looks like https://myworkspace.cloud.databricks.com/oidc/v1/authorize
    • Token URL: <Your Databricks Workspace Instance URL>/oidc/v1/token, which typically looks like https://myworkspace.cloud.databricks.com/oidc/v1/token
    • You can find your workspace URL in the browser's address bar when you open your Databricks workspace.
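
A pre-flight check for the URLs configured above, as an added example (not VIKTOR or Databricks code): it derives the Authentication, Token and redirect URLs from the base URLs and rejects inputs that are not plain HTTPS base URLs. The function names and the sample hostnames are assumptions made for illustration.

```python
from typing import Optional
from urllib.parse import urlsplit

CALLBACK_PATH = "/api/integrations/oauth2/callback/"  # callback path given on this page


def _origin(url: str) -> str:
    """Return https://host for a base URL, rejecting anything else."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        raise ValueError(f"{url!r}: OAuth endpoints must use https")
    if not parts.hostname or parts.username or parts.password:
        raise ValueError(f"{url!r}: expected a plain https://host URL")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError(f"{url!r}: give the base URL only, without path or query")
    return f"https://{parts.netloc.lower()}"


def oauth_endpoints(base_url: str, account_id: Optional[str] = None) -> dict:
    """Authentication and Token URLs for the Accounts API (account_id given)
    or the Workspace API (account_id omitted)."""
    origin = _origin(base_url)
    if account_id is None:
        prefix = f"{origin}/oidc/v1"
    else:
        if not account_id or "/" in account_id or "<" in account_id:
            raise ValueError("account_id looks like an unfilled placeholder")
        prefix = f"{origin}/oidc/accounts/{account_id}/v1"
    return {"authorize": f"{prefix}/authorize", "token": f"{prefix}/token"}


def redirect_url(viktor_env_url: str) -> str:
    """Exact redirect URL to allow-list in the Databricks app connection."""
    return _origin(viktor_env_url) + CALLBACK_PATH


if __name__ == "__main__":
    # Constructed sample values, not real tenants.
    print(oauth_endpoints("https://myworkspace.cloud.databricks.com/"))
    print(oauth_endpoints("https://accounts.cloud.databricks.com",
                          "00000000-abcd-efgh-ijkl-000000000000"))
    print(redirect_url("https://env.example.invalid"))
```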

Implementing the integration in an app (developer)

When the Databricks OAuth 2.0 integration has been set up and assigned to the app, the developer can start implementing the integration.

OAuth 2.0 integrations information in the app details page

First, the integration is added to the config file, using the integration name. The platform uses this to show a login button to the user when entering the app.

viktor.config.toml

...
oauth2_integrations = [
    "databricks-workspace-1"
]
...

Secondly, the logic that uses the integration can be implemented in the app. Using the Databricks Python SDK, you can quickly integrate.

In order to obtain the necessary token for authentication, you instantiate the OAuth2Integration class with the integration name and call the method get_access_token.

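import viktor as vkt
from databricks.sdk import WorkspaceClient


# Look up the integration by the name listed in viktor.config.toml
integration = vkt.OAuth2Integration('databricks-workspace-1')
access_token = integration.get_access_token()

# Use https so the bearer token is never sent in cleartext
client = WorkspaceClient(
    host="https://myworkspace.cloud.databricks.com/",
    token=access_token
)

# List the clusters this token has access to
for cluster in client.clusters.list():
    print(cluster.cluster_name)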