使用 Azure Databricks 个人访问令牌进行身份验证Authentication using Azure Databricks personal access tokens

若要对 Databricks REST API 进行身份验证和访问,可使用 Azure Databricks 个人访问令牌或 Azure Active Directory (Azure AD) 令牌。To authenticate to and access Databricks REST APIs, you can use Azure Databricks personal access tokens or Azure Active Directory (Azure AD) tokens.

本文介绍如何使用 Azure Databricks 个人访问令牌。This article discusses how to use Azure Databricks personal access tokens. 有关 Azure AD 令牌,请参阅使用 Azure Active Directory 令牌进行身份验证For Azure AD tokens, see Authentication using Azure Active Directory tokens.

重要

令牌取代了身份验证流中的密码;与密码一样,应始终谨慎使用令牌。Tokens take the place of passwords in an authentication flow, and like passwords, they should always be treated with care. 为了保护令牌,Databricks 建议将令牌存储到:To protect tokens, Databricks recommends that you store tokens in:

要求Requirements

2018 年 1 月之后启动的所有 Azure Databricks 帐户默认启用基于令牌的身份验证。Token-based authentication is enabled by default for all Azure Databricks accounts launched after January 2018. 如果已禁用,你的管理员必须先启用它,然后你才能执行本文中所述的任务。If it is disabled, your administrator must enable it before you can perform the tasks described in this article. 请参阅管理个人访问令牌See Manage personal access tokens.

生成个人访问令牌 Generate a personal access token

本部分介绍如何在 Azure Databricks UI 中生成个人访问令牌。This section describes how to generate a personal access token in the Azure Databricks UI. 还可使用令牌 API生成和撤销令牌。You can also generate and revoke tokens using the Token API.

  1. 单击“用户配置文件”图标Click the user profile icon 用户配置文件 它位于 Azure Databricks 工作区的右上角。in the upper right corner of your Azure Databricks workspace.

  2. 单击“用户设置”。Click User Settings.

  3. 转到“访问令牌”选项卡。Go to the Access Tokens tab.

    List_Tokens

  4. 单击“生成新令牌”按钮。Click the Generate New Token button.

  5. 选择性地输入说明(注释)和有效期。Optionally enter a description (comment) and expiration period.

    Generate_Token

  6. 单击“生成”按钮。Click the Generate button.

  7. 复制生成的令牌,并将其存储在安全的位置。Copy the generated token and store in a secure location.

撤销个人访问令牌Revoke a personal access token

本部分介绍如何使用 Azure Databricks UI 撤销个人访问令牌。This section describes how to revoke personal access tokens using the Azure Databricks UI. 还可使用令牌 API 生成和撤销访问令牌。You can also generate and revoke access tokens using the Token API.

  1. 单击“用户配置文件”图标Click the user profile icon 用户配置文件 它位于 Azure Databricks 工作区的右上角。in the upper right corner of your Azure Databricks workspace.
  2. 单击“用户设置”。Click User Settings.
  3. 转到“访问令牌”选项卡。Go to the Access Tokens tab.
  4. 针对要撤销的令牌单击 x。Click x for the token you want to revoke.
  5. 在“撤销令牌”对话框中,单击“撤销令牌”按钮。On the Revoke Token dialog, click the Revoke Token button.

使用个人访问令牌访问 Databricks REST API Use a personal access token to access the Databricks REST API

可在 .netrc 中存储个人访问令牌并在 curl 中使用,也可将其传递到 Authorization: Bearer 标头。You can store a personal access token in .netrc and use in curl or pass it to the Authorization: Bearer header.

.netrc 文件中存储令牌并在 curl 中使用Store token in .netrc file and use in curl

使用 machineloginpassword 属性创建 .netrc 文件:Create a .netrc file with machine, login, and password properties:

machine <databricks-instance>
login token
password <personal-access-token>

其中:where:

  • <databricks-instance> 是 Azure Databricks 部署的工作区 URL<databricks-instance> is the workspace URL of your Azure Databricks deployment.
  • token 是文本字符串 tokentoken is the literal string token
  • <personal-access-token> 是个人访问令牌的值。<personal-access-token> is the value of your personal access token.

若要调用 .netrc 文件,请在 curl 命令中使用 -nTo invoke the .netrc file, use -n in your curl command:

curl -n -X GET https://<databricks-instance>/api/2.0/clusters/list

将令牌传递到 Bearer 身份验证 Pass token to Bearer authentication

可使用 Bearer 身份验证将令牌包含在标头中,You can include the token in the header using Bearer authentication. 也可将此方法用于 curl 或你构建的任何客户端。You can use this approach with curl or any client that you build. 如果是后者,请参阅将大文件上传到 DBFSFor the latter, see Upload a big file into DBFS.

curl -X GET -H 'Authorization: Bearer <personal-access-token>' https://<databricks-instance>/api/2.0/clusters/list