terraform-provider-databricks
[DOC] databricks_connection OAuth requiring more option fields compared to the UI
Affected Resource(s)
databricks_connection
Expected Details
I'm running into a confusing, undocumented difference when trying to create a databricks_connection resource in Terraform — specifically for setting up an Azure SQL Server connection using OAuth.
In the Databricks UI, setting up the connection only requires the following:
Host, Port, Client ID, Client Secret, Scope, Authorization Endpoint
But in Terraform, you also need to provide these fields inside the options block:
oauth_redirect_uri, authorization_code, pkce_verifier
While oauth_redirect_uri is fairly well documented (here), the need for authorization_code and pkce_verifier is unclear. It seems like Terraform is trying to handle part of the OAuth flow itself — but if that’s the case, it’s not explained anywhere.
My main questions are:
Why are these extra fields needed in Terraform but not in the Databricks workspace UI? (Is the UI automating this step?)
Is Terraform trying to request a token as part of creating the connection?
If yes, how are we supposed to automate that step, especially generating the authorization_code and pkce_verifier (in a CI/CD pipeline)?
It would really help to have this clarified or documented, since it makes automation around OAuth-based connections quite tricky right now.
List of things to potentially add/remove
Extend the option documentation per resource type https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/connection
References
N/A