cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Missing configured "sql" scope in Databricks Apps User Token

Go to solution
spoltier
New Contributor III

2 weeks ago

I have User authorization for apps enabled in my workspace.

I have added the sql scope to my app. However, when making sql queries to my app, authorization errors ensue:

Error during request to server: : Provided OAuth token does not have required scopes.

I have managed to inspect the JWT that is provided via x-forwarded-access-token and it indeed is missing the "sql" scope.

One thing that could be causing issues is that I'm not sure that I approved the sql scope at the time I first accessed the app. It would be good to be able to reapprove / disapprove the app as a user, both for troubleshooting and security reasons.

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Advika
Databricks Employee
Databricks Employee
In response to spoltier

2 weeks ago

Hello @spoltier!

To update your token with the new scope, first add "sql" to your app, then stop and restart the app so that, when you next access it, Databricks will prompt you to the consent screen and grant the updated scopes. If you don't see the consent prompt after relaunching, try logging out and clearing your browser session.

View solution in original post

3 REPLIES 3

Go to solution
spoltier
New Contributor III

2 weeks ago

Replying to add that the scope field has value

"offline_access email iam.current-user:read openid iam.access-control:read profile"

Go to solution
Advika
Databricks Employee
Databricks Employee
In response to spoltier

2 weeks ago

Hello @spoltier!

To update your token with the new scope, first add "sql" to your app, then stop and restart the app so that, when you next access it, Databricks will prompt you to the consent screen and grant the updated scopes. If you don't see the consent prompt after relaunching, try logging out and clearing your browser session.

Go to solution
spoltier
New Contributor III

2 weeks ago

@Advika thanks. It looks like this was only a temporary issue; I had already restarted the app, but today it is working. I will mark your answer as accepted. The problem may have been due to recreating the app (using bundles), which reset the user scopes.

Join Us as a Local Community Builder!

Passionate about hosting events and connecting people? Help us grow a vibrant local communityโ€”sign up today to get started!

Sign Up Now
Announcements