Azure Databricks Enterprise Application User Impersonation Token Group Claims Issue

Community Platform Discussions

Connect with fellow community members to discuss general topics related to the Databricks platform, industry trends, and best practices. Share experiences, ask questions, and foster collaboration within the community.

Hi all,

I am using the Azure Databricks Microsoft Managed Enterprise Application scope (2ff814a6-3304-4ab8-85cb-cd0e6f879c1d/user_impersonation) to fetch an access token on behalf of a user. The authentication process is successful; however, the access token includes group claims. For users who are part of many Azure AD groups, the token becomes quite large because it lists all the groups in the claims. How can I modify my request for the token to exclude group claims from the access token?

I am using the React MSAL library, and here’s a sample of the code I am working with:

export const getDatabricksToken = async () => {
    const account = msalInstance.getActiveAccount();
    const response = await msalInstance.acquireTokenSilent({
        scopes: ["2ff814a6-3304-4ab8-85cb-cd0e6f879c1d/user_impersonation"],
        account: account,
    })
    return response.accessToken
};