Hi everyone! Our team is looking at automating som...
# getting-started
b
Hi everyone! Our team is looking at automating some tasks using the DataHub API. Is there a way to authenticate to the DataHub API using an OAuth token from our ID Provider (in our case, Azure AD)? We would rather avoid username/password (and PATs) if we can.
e
Hi @billions-computer-48552 the best we can do if you’d like to connect Azure AD to DataHub is configure SSO. For authenticating to the DataHub API however, you’ll need to use our DataHub personal access tokens
here are guides on setting up SSO and PAT’s
please let me know if you have any questions!
g
@echoing-airport-49548 is OAuth2 support on the roadmap for the DH API?
e
Let me check on that for you but I don’t believe so
b
@echoing-airport-49548 Thanks! We are already configured for SSO, but our use case is for automation. PATs (because they expire) will regularly cause issues with this. If there was a way to "exchange" an access token for a PAT, then we could at least generate / refresh PATs in an automated way. That would fulfill our requirement.
s
@billions-computer-48552 do you have a workaround for this issue? I’m asking because I’m configured for SSO as well and I was trying to figure out how to programmatically generate or refresh PATs
e
Please take a look at our token management doc here https://datahubproject.io/docs/api/graphql/token-management/
Could you set up some sort of workflow to automatically generate PAT’s using our GraphQL API before they expire?
s
@echoing-airport-49548 thank you, I must have missed that document 🙂 I’m wondering if I’m about to overcomplicate things though: what is the intended way to keep a push-based integration, like Airflow, going with a valid token? I could implement a job which periodically checks the expiry of the token, issues a new one and updates the Airflow connection with the new token. Is it there a simpler way?