Debug loggign for expired SPA and store refresh token

thijs-nijhuis · Jun 10, 2024 · 79ffca0 · 79ffca0
1 parent 7fd525c
commit 79ffca0
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/dbt/adapters/databricks/credentials.py b/dbt/adapters/databricks/credentials.py
@@ -38,6 +38,10 @@
 SCOPES = ["all-apis", "offline_access"]
 MAX_NT_PASSWORD_SIZE = 1280
 
+# When using an Azure App Registration with the SPA platform, the refresh token will
+# also expire after 24h. Silently accept this in this case.
+SPA_CLIENT_FIXED_TIME_LIMIT_ERROR = 'AADSTS700084'
+
 TCredentialProvider = Union[CredentialsProvider, SessionCredentials]
 
 
@@ -285,9 +289,19 @@ def authenticate(self, in_provider: Optional[TCredentialProvider]) -> TCredentia
                     # if refresh token is expired, this will throw
                     try:
                         if provider.token().valid:
+                            # if the token was expired, it is now refreshed. Save it to prevent 
+                            # further refresh calls during before it expires.
+                            self._credentials_provider = provider.as_dict()
+                            self.set_sharded_password(
+                                "dbt-databricks", host, json.dumps(self._credentials_provider)
+                            )                            
                             return provider
                     except Exception as e:
-                        logger.warning(CredentialLoadError(e))
+                        # SPA token are suppose to expire after 24h, no need to warn
+                        if SPA_CLIENT_FIXED_TIME_LIMIT_ERROR in str(e):
+                            logger.debug(CredentialLoadError(e))
+                        else:
+                            logger.warning(CredentialLoadError(e))
                         # whatever it is, get rid of the cache
                         self.delete_sharded_password("dbt-databricks", host)