Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OAuth breaks if a bad .netrc file is present #121

Closed
susodapop opened this issue May 11, 2023 · 0 comments · Fixed by #122
Closed

OAuth breaks if a bad .netrc file is present #121

susodapop opened this issue May 11, 2023 · 0 comments · Fixed by #122

Comments

@susodapop
Copy link
Contributor

While fixing databricks/dbt-databricks#337 I found that the same bug plagueing dbt-databricks affects pysql as well.

To reproduce this issue:

  1. Add an intentionally bad ~/.netrc to your workstation, like this:
machine <my-workspace>.cloud.databricks.com
login token
password <expired_token>
  1. Try to run the interactive_oauth.py example using the same host name specified in the .netrc file.
  2. You'll receive this exception:
    access_token = oauth_response["access_token"]
KeyError: 'access_token'

The fix

Straightforward: force requests to not use the .netrc file when making requests to Databricks OAuth endpoints. These requests are unauthenticated (no auth header is required). The bug here is that if you include an auth header in the request to https://****.staging.cloud.databricks.com/oidc/v1/token the Databricks runtime will return an error response. oauth.py looks for access_token in this response and doesn't find one, so it raises an Exception.

If .netrc is present, requests always uses it. Even for these requests that are supposed to be unauthenticated. So we need to force it to not do this.
susodapop added a commit that referenced this issue May 11, 2023
@susodapop
Oauth: ignore ~/.netrc file for requests to unauthenticated endpoints
cb3bf69 
https://requests.readthedocs.io/en/latest/user/authentication/#new-forms-of-authentication

Closes #121
Affects databricks/dbt-databricks#337

Signed-off-by: Jesse Whitehouse <jesse.whitehouse@databricks.com>
This was referenced May 12, 2023
Closed
Merged
susodapop added a commit that referenced this issue Jul 12, 2023
@susodapop
Oauth: ignore ~/.netrc file for requests to unauthenticated endpoints
94b2250 
https://requests.readthedocs.io/en/latest/user/authentication/#new-forms-of-authentication

Closes #121
Affects databricks/dbt-databricks#337

Signed-off-by: Jesse Whitehouse <jesse.whitehouse@databricks.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

OAuth: don't override auth headers with contents of .netrc file databricks/databricks-sql-python
1 participant
@susodapop