no option to pass in the appId/appKey with the API call for authentication in Synapse

[tritm78]

Describe the bug Per this doc, I can read data from kusto with linkedService option (for linkedService setting, I used appId/appKey/tenant):

kustoDf = spark.read \ .format("com.microsoft.kusto.spark.synapse.datasource") \ .option("spark.synapse.linkedService", "") \ .option("kustoDatabase", "") \ .option("kustoQuery", "") \ .load()

however one problem is that I will need to grant access for the Synapse workspace appId in the Kusto cluster. Is there an option to specify the appId and appKey in the API call, so that this appId (instead of the synapse workspace appId) will be used to access data in the Kusto cluster, something like this:

kustoDf = spark.read \ .format("com.microsoft.kusto.spark.synapse.datasource") \ .option("spark.synapse.linkedService", "") \ .option("aadAppId", ). \ .option("aadAppSecret", ). \ .option("aadTenantId", ). \ .option("kustoDatabase", "") \ .option("kustoQuery", "") \ .load()

[ag-ramachandran]

Hi @tritm78

Here is one way we can do it.

pip install msal

from msal import ConfidentialClientApplication
app = ConfidentialClientApplication(
    "app-id", #App Id
    client_credential="app-key", #App key
    authority="https://login.microsoftonline.com/<tenant>") # Tenant
scopes = ["<cluster>/.default"]
result = app.acquire_token_for_client(scopes=scopes)

kustoDfAad  = spark.read \
    .format("com.microsoft.kusto.spark.synapse.datasource") \
    .option("kustoDatabase", "spark") \
    .option("accessToken", result["access_token"]) \
    .option("kustoCluster", "<cluster>") \
    .option("kustoQuery", "KustoSparkReadWriteTest_2e8d63e1_3ce2_466f_879a_9dd9465c46d5 | take 100") \
    .load()

display(kustoDfAad)

Note that AAD based auth directly seems to have an issue with MSAL classpath. Will try and address it in a subsequent release

cc: @asaharn

[tritm78]

Thanks @ag-ramachandran! That worked.

Please keep me updated when the AAD based auth can work directly with the API call.