Support for connecting via Service Principals

[kartikay-bagla]

Currently the only authentication method supported is via personal access tokens:

f"databricks://token:{access_token}@{host}?http_path={http_path}&catalog={catalog}&schema={schema}"

Technically, we can generate tokens for service principals by calling the Workspace OAuth API. But that returns a short-lived access token, and when that token expires, we would need to create a new engine with the updated token.

The Databricks SQL Connector for Python already supports M2M authentication which removes the overhead of managing short-lived access tokens.

Would it be possible to have connector itself manage refreshing the access tokens? The connection string would then possibly become:

f"databricks://{service_principal_uuid}:{service_principal_secret}@{host}?http_path={http_path}&catalog={catalog}&schema={schema}"

[amirhessam88]

You just need to add that functionality via sqlalchemy to inject fresh token

from sqlalchemy import event

engine = create_engine("postgresql+psycopg2://user:pass@hostname/dbname")


@event.listens_for(engine, "do_connect")
def receive_do_connect(dialect, conn_rec, cargs, cparams):

    # add a function to grab the fresh token via API
    new_token = get_new_token()
    cparams["access_token"] = new token

    return engine

https://docs.sqlalchemy.org/en/20/core/engines.html#fully-replacing-the-dbapi-connect-function