[Feature]Add support for discovery URL (#336)

## Changes - The current state of SDK : OAuth Token and auth endpoints: we build the discovery endpoint from the host url set in DatabricksConfig. - The changed state in SDK : We fetch the token endpoint and auth endpoint from discovery endpoint. This is useful for scenarios when customers have their own auth endpoints. ## Tests - Manually tested using SQL driver - Also added unit tests --------- Co-authored-by: Vikrant Puppala <vikrant.puppala@databricks.com> Co-authored-by: Miles Yucht <miles@databricks.com>
databricks · Aug 30, 2024 · e00d328 · e00d328
1 parent bea4755
commit e00d328
Show file tree

Hide file tree

Showing 2 changed files with 67 additions and 1 deletion.
diff --git a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/DatabricksConfig.java b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/DatabricksConfig.java
@@ -38,6 +38,15 @@ public class DatabricksConfig {
   @ConfigAttribute(env = "DATABRICKS_REDIRECT_URL", auth = "oauth")
   private String redirectUrl;
 
+  /**
+   * The OpenID Connect discovery URL used to retrieve OIDC configuration and endpoints.
+   *
+   * <p><b>Note:</b> This API is experimental and may change or be removed in future releases
+   * without notice.
+   */
+  @ConfigAttribute(env = "DATABRICKS_DISCOVERY_URL")
+  private String discoveryUrl;
+
   @ConfigAttribute(env = "DATABRICKS_USERNAME", auth = "basic")
   private String username;
 
@@ -221,6 +230,15 @@ public DatabricksConfig setHost(String host) {
     return this;
   }
 
+  public String getDiscoveryUrl() {
+    return discoveryUrl;
+  }
+
+  public DatabricksConfig setDiscoveryUrl(String discoveryUrl) {
+    this.discoveryUrl = discoveryUrl;
+    return this;
+  }
+
   public String getAccountId() {
     return accountId;
   }
@@ -596,10 +614,29 @@ public boolean isAccountClient() {
   }
 
   public OpenIDConnectEndpoints getOidcEndpoints() throws IOException {
+    if (discoveryUrl == null) {
+      return fetchDefaultOidcEndpoints();
+    }
+    return fetchOidcEndpointsFromDiscovery();
+  }
+
+  private OpenIDConnectEndpoints fetchOidcEndpointsFromDiscovery() {
+    try {
+      Request request = new Request("GET", discoveryUrl);
+      Response resp = getHttpClient().execute(request);
+      if (resp.getStatusCode() == 200) {
+        return new ObjectMapper().readValue(resp.getBody(), OpenIDConnectEndpoints.class);
+      }
+    } catch (IOException e) {
+      throw ConfigLoader.makeNicerError(e.getMessage(), e, this);
+    }
+    return null;
+  }
+
+  private OpenIDConnectEndpoints fetchDefaultOidcEndpoints() throws IOException {
     if (getHost() == null) {
       return null;
     }
-
     if (isAzure() && getAzureClientId() != null) {
       Request request = new Request("GET", getHost() + "/oidc/oauth2/v2.0/authorize");
       request.setRedirectionBehavior(false);

diff --git a/databricks-sdk-java/src/test/java/com/databricks/sdk/core/DatabricksConfigTest.java b/databricks-sdk-java/src/test/java/com/databricks/sdk/core/DatabricksConfigTest.java
@@ -2,6 +2,8 @@
 
 import static org.junit.jupiter.api.Assertions.*;
 
+import com.databricks.sdk.core.commons.CommonsHttpClient;
+import com.databricks.sdk.core.oauth.OpenIDConnectEndpoints;
 import com.databricks.sdk.core.utils.Environment;
 import java.io.IOException;
 import java.util.ArrayList;
@@ -108,4 +110,31 @@ public void testAccountLevelOidcEndpoints() throws IOException {
             .getAuthorizationEndpoint(),
         "https://accounts.cloud.databricks.com/oidc/accounts/1234567890/v1/authorize");
   }
+
+  @Test
+  public void testDiscoveryEndpoint() throws IOException {
+    String discoveryUrlSuffix = "/test.discovery.url";
+    String discoveryUrlResponse =
+        "{\n"
+            + "  \"authorization_endpoint\": \"https://test.auth.endpoint/oidc/v1/authorize\",\n"
+            + "  \"token_endpoint\": \"https://test.auth.endpoint/oidc/v1/token\"\n"
+            + "}";
+
+    try (FixtureServer server =
+        new FixtureServer().with("GET", discoveryUrlSuffix, discoveryUrlResponse)) {
+
+      String discoveryUrl = server.getUrl() + discoveryUrlSuffix;
+
+      OpenIDConnectEndpoints oidcEndpoints =
+          new DatabricksConfig()
+              .setHost(server.getUrl())
+              .setDiscoveryUrl(discoveryUrl)
+              .setHttpClient(new CommonsHttpClient(30))
+              .getOidcEndpoints();
+
+      assertEquals(
+          oidcEndpoints.getAuthorizationEndpoint(), "https://test.auth.endpoint/oidc/v1/authorize");
+      assertEquals(oidcEndpoints.getTokenEndpoint(), "https://test.auth.endpoint/oidc/v1/token");
+    }
+  }
 }