connector-plugin-sdk
[FEATURE] Tableau Azure AD OAuth Capability
Is your feature request related to a problem? Please describe.
In the latest connector release we pushed Tableau AAD OAuth only with common tenant support and manual override for specific Azure AD tenant IDs. This manual setting affects customers that use guest accounts, gov cloud, and other non-standard clouds.
Describe the solution you'd like
To overcome this limitation, we need a way to make and parse HTTP calls at connector level. This means we need to extend the capabilities of the JavaScript sandbox as follows:
- Run HTTP call
- Read and parse the HTTP response
- Set the OAuth configuration (instanceurl parameter) based on the response
If there are security concerns, we can limit the call to a specific set of domains.
Sending an unauthenticated request to https://<host>/aad/auth returns a 302 status with a Location header in the response. The value will contain the correct authorization_uri, plus a query string we drop and substitute with our own.
Example request:
GET /aad/auth
Host: adb-123456.1.azuredatabricks.net
Response:
HTTP/1.1 302 Found
Location: https://login.microsoftonline.com/<tenant-id>/oauth2/authorize?...
The returned tenant ID is the Azure tenant ID belonging to the Databricks workspace adb-123456.
About You
Name: Bogdan Ghit
Company: Databricks
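One way to apply the domain restriction suggested in the request to the /aad/auth redirect, shown as an added example that is not part of the issue or of the SDK. The allowlisted domains, the GUID-shaped tenant ID check, and the function names discoveryUrl and parseAadRedirect are assumptions; the HTTP call is left out, so the code works on a constructed status and Location value, and mapping the result onto instanceurl is left to the connector.

```javascript
// Added example, not SDK code. The allowlists are assumptions for illustration.
const WORKSPACE_SUFFIXES = [".azuredatabricks.net"]; // domain of the page's example host
const LOGIN_HOSTS = [
  "login.microsoftonline.com", // authority shown in the page's example response
  "login.microsoftonline.us",  // Azure Government authority, assumed to be in scope
];
const HOSTNAME = /^(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$/;
const AUTHORIZE_PATH = /^\/([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\/oauth2\/authorize$/i;

// Build the discovery URL only for hosts the connector is allowed to call.
function discoveryUrl(workspaceHost) {
  const host = String(workspaceHost).trim().toLowerCase();
  // A bare DNS name only: no scheme, path, port or userinfo can be smuggled in.
  if (!HOSTNAME.test(host)) throw new Error("workspace host is not a bare hostname");
  // The suffix starts with a dot, so "evilazuredatabricks.net" does not match.
  if (!WORKSPACE_SUFFIXES.some((s) => host.endsWith(s))) {
    throw new Error("workspace host is outside the allowed domains");
  }
  return "https://" + host + "/aad/auth";
}

// Validate the redirect and derive the authorization URI and tenant ID from it.
function parseAadRedirect(status, locationHeader) {
  if (status !== 302) throw new Error("expected a 302 response, got " + status);
  let url;
  try {
    url = new URL(locationHeader);
  } catch (e) {
    throw new Error("Location is not an absolute URL");
  }
  if (url.protocol !== "https:") throw new Error("Location is not https");
  if (url.username || url.password || url.port) {
    throw new Error("Location carries userinfo or a non-default port");
  }
  if (!LOGIN_HOSTS.includes(url.hostname)) {
    throw new Error("Location host is not an allowed login authority");
  }
  const match = AUTHORIZE_PATH.exec(url.pathname);
  if (!match) throw new Error("Location path is not /<tenant-id>/oauth2/authorize");
  // Drop the server's query string and fragment; the connector adds its own.
  return { authorizationUri: url.origin + url.pathname, tenantId: match[1].toLowerCase() };
}

// Constructed sample: the tenant ID below is a made-up placeholder.
const sample = parseAadRedirect(302,
  "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/oauth2/authorize?client_id=x");
console.log(discoveryUrl("adb-123456.1.azuredatabricks.net"), sample);
```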
@bogdanghit does your Tableau AAD OAuth authentication support MFA? Best.