Closed
Description
Hi,
According to the docs, authentication using an Azure Entra ID service principal is not supported. However, if I generate a token using the `msal` library I can successfully execute queries using my service principal. The only issue is then the refreshing of the token. Since it is handed off to the library I cannot actively refresh it, and the token seems to expire in ~4h.
From these observations it seems like a minor task to implement support for service principal auth, since the current auth flow supports the tokens generated from `msal`. Also the `databricks-sdk` package supports azure service principal auth, so it would make sense to leverage that code base for auth handling.
Example code:
```python
import os

import msal
from databricks import sql

# Azure Service Principal details
tenant_id = os.environ["AZURE_TENANT_ID"]
client_id = os.environ["AZURE_CLIENT_ID"]
client_secret = os.environ["AZURE_CLIENT_SECRET"]

# Authority URL
authority = f"https://login.microsoftonline.com/{tenant_id}"

# Scope for Azure Databricks
scope = ["2ff814a6-3304-4ab8-85cb-cd0e6f879c1d/.default"]

# Create a confidential client application
app = msal.ConfidentialClientApplication(
    client_id,
    authority=authority,
    client_credential=client_secret,
)

# Acquire a token
result = app.acquire_token_for_client(scopes=scope)

if "access_token" in result:
    access_token = result["access_token"]
    connection = sql.connect(
        server_hostname="...",
        http_path="...",
        access_token=access_token,
    )
    cursor = connection.cursor()
    cursor.execute("SELECT * from range(10)")
    print(cursor.fetchall())
    cursor.close()
    connection.close()
else:
    print("Error obtaining token:", result.get("error"))
    print(result.get("error_description"))
    print(result.get("correlation_id"))
```
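A caller-side way to handle the expiry described in the post above, as an added example that is not part of the original issue or of the connector's code: cache the token and re-acquire it shortly before it expires, so each new connection gets a valid one. `RefreshingToken`, `skew_seconds` and `demo` are hypothetical names, and the token source and clock in `demo` are constructed stand-ins.

```python
import time


class RefreshingToken:
    """Cache a client-credentials token; re-acquire it shortly before expiry."""

    def __init__(self, acquire, skew_seconds=300, clock=time.monotonic):
        self._acquire = acquire      # returns an MSAL-style result dict
        self._skew = skew_seconds    # refresh this long before expiry
        self._clock = clock          # injectable so the logic can be tested
        self._token = None
        self._expires_at = 0.0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at - self._skew:
            result = self._acquire()
            if "access_token" not in result:
                # Report only the error fields; never log the whole result.
                raise RuntimeError(
                    f"token request failed: {result.get('error')}: "
                    f"{result.get('error_description')}"
                )
            self._token = result["access_token"]
            self._expires_at = now + int(result.get("expires_in", 0))
        return self._token


def demo():
    """Drive the cache with a constructed token source and a fake clock."""
    now = [0.0]
    issued = []

    def fake_acquire():  # stands in for app.acquire_token_for_client(scopes=scope)
        issued.append(f"constructed-token-{len(issued) + 1}")
        return {"access_token": issued[-1], "expires_in": 3600}

    tokens = RefreshingToken(fake_acquire, clock=lambda: now[0])
    seen = []
    for t in (0, 3000, 3400):  # 3400 s is inside the 300 s skew window
        now[0] = t
        seen.append(tokens.get())
    return seen, len(issued)


if __name__ == "__main__":
    print(demo())
```

With the post's code, pass `lambda: app.acquire_token_for_client(scopes=scope)` as `acquire` and call `get()` each time a new connection is opened.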