authenticate
Authenticate with Databricks via OAuth to enable interaction with Databricks-hosted tools through Claude. Opens browser for authorization.
Instructions
Authenticate with Databricks using OAuth U2M flow.
Opens a browser for authorization.
Uses DATABRICKS_HOST and DATABRICKS_APP_URL from app.yaml or environment.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||
Implementation Reference
- src/databricks_mcp_proxy/server.py:28-59 (handler)The @mcp.tool()-decorated 'authenticate' function implements the tool logic: reads config, starts OAuth flow using start_oauth_flow, creates DatabricksMCPProxy, connects and discovers tools, sets authenticated state, and returns list of available tools.@mcp.tool() def authenticate() -> str: """ Authenticate with Databricks using OAuth U2M flow. Opens a browser for authorization. Uses DATABRICKS_HOST and DATABRICKS_APP_URL from app.yaml or environment. """ try: host = state.host or os.environ.get("DATABRICKS_HOST") app_url = state.app_url or os.environ.get("DATABRICKS_APP_URL") scopes = state.scopes or os.environ.get("DATABRICKS_SCOPES", DEFAULT_SCOPES) if not host: return "Error: DATABRICKS_HOST not configured. Set it in app.yaml or environment." if not app_url: return "Error: DATABRICKS_APP_URL not configured. Set it in app.yaml or environment." print(f"Starting OAuth flow for {host}...", file=sys.stderr) access_token = start_oauth_flow(host, scopes) state.proxy = DatabricksMCPProxy(host, app_url, access_token) state.proxy.connect() state.proxy.discover_tools() state.authenticated = True tool_names = [t.name for t in state.proxy.tools] return f"Authenticated successfully!\n\nAvailable tools ({len(tool_names)}):\n" + "\n".join(f" - {name}" for name in tool_names) except Exception as e: state.authenticated = False return f"Authentication failed: {e}"
- The 'start_oauth_flow' function performs the core OAuth U2M flow: generates PKCE, opens browser to auth URL, handles callback with local HTTP server, exchanges code for access token.def start_oauth_flow(host: str, scopes: str = DEFAULT_SCOPES, redirect_uri: str = DEFAULT_REDIRECT_URI) -> str: """ Start OAuth U2M flow and return access token. Opens browser for user authorization. """ host = host.rstrip("/") state = secrets.token_urlsafe(32) code_verifier, code_challenge = generate_pkce_pair() auth_params = { "client_id": CLIENT_ID, "redirect_uri": redirect_uri, "response_type": "code", "state": state, "code_challenge": code_challenge, "code_challenge_method": "S256", "scope": scopes, } auth_url = f"{host}/oidc/v1/authorize?{urlencode(auth_params)}" # Reset state OAuthCallbackHandler.authorization_code = None OAuthCallbackHandler.state_value = None # Start callback server redirect_port = int(urlparse(redirect_uri).port or 8020) server = HTTPServer(("localhost", redirect_port), OAuthCallbackHandler) server.timeout = 300 # Open browser print(f"Opening browser for authorization...", file=sys.stderr) webbrowser.open(auth_url) # Wait for callback print(f"Waiting for authorization callback on {redirect_uri}...", file=sys.stderr) server.handle_request() if OAuthCallbackHandler.state_value != state: raise ValueError("State mismatch! Possible CSRF attack.") if not OAuthCallbackHandler.authorization_code: raise ValueError("No authorization code received.") # Exchange code for token print("Exchanging code for token...", file=sys.stderr) token_response = requests.post( f"{host}/oidc/v1/token", data={ "client_id": CLIENT_ID, "grant_type": "authorization_code", "scope": scopes, "redirect_uri": redirect_uri, "code_verifier": code_verifier, "code": OAuthCallbackHandler.authorization_code, } ) if token_response.status_code != 200: raise ValueError(f"Token exchange failed: {token_response.text}") print("Token obtained successfully!", file=sys.stderr) return token_response.json()["access_token"]
- src/databricks_mcp_proxy/server.py:25-25 (registration)FastMCP server instance creation where tools are registered via decorators.mcp = FastMCP("databricks-mcp-proxy")