Databricks REST API returns HTTP 400 error (with a AAD Access Token)

Question

I am trying to access to the REST API of Databricks with an Active Directoy Access Token.

To do so, from the Active Directory -> App Registration -> AAD App:

In API Permissions I have added the AzureDatabricks API

Then I am trying to access to any data from the Databricks REST API, but always I am getting the same error:

"io.jsonwebtoken.security.SignatureException: JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted."

One of the endpoint I am trying to request is:

https://adb-XXXXXXXXXXXXXXX.azuredatabricks.net/api/2.0/token/list

This Access Token let me do requests to my Graph API, so I guess the token is OK. If my Access Token expires, returns that the token has expired...

To do all tries I am using Insomnia (similar to Postman).

What am I doing wrong? Do I need to do something more?

Thanks beforehand

Answer 1

If you want to request the Databricks API, the access token can not request the Graph API. This doc shows to get access token about Databricks.

https://login.microsoftonline.com/<tenant>/oauth2/authorize?client_id=<client-id>
&response_type=code
&redirect_uri=<redirect URI in encoded format: e.g., http%3A%2F%2Flocalhost>
&response_mode=query
&resource=2ff814a6-3304-4ab8-85cb-cd0e6f879c1d
&state=<a random number or some encoded info>

Make sure resource is 2ff814a6-3304-4ab8-85cb-cd0e6f879c1d(the appid of user_impersonation permission). And you will get code that will be used in the next step.

POST  https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
Content-Type: application/x-www-form-urlencoded

client_id={client id}
&scope=https://azuredatabricks.net//user_impersonation
&code={code}
&redirect_uri=http://localhost
&grant_type=authorization_code

You could use the access token to request the Databricks API.

On the other hand, it is not recommended to use Postman when it is related to login.