sameer_yasser
New Contributor III

Great question. The core principle is: credentials should never travel through the agent itself.

Instead of PATs or embedding a client_secret in your agent, use your Identity Provider (Entra ID / Okta) with the OBO flow:

1. User authenticates via your IdP → receives a short-lived JWT
2. Your backend exchanges that token for a Databricks-scoped token using OBO
3. Databricks sees the actual user identity, not a shared service principal

```python
# Backend only, never inside agent logic
import msal

# BACKEND_CLIENT_ID, TENANT_ID, BACKEND_CLIENT_SECRET are placeholders loaded from backend config;
# the client secret stays server-side and is never shipped with the agent
msal_app = msal.ConfidentialClientApplication(
    BACKEND_CLIENT_ID, authority=f"https://login.microsoftonline.com/{TENANT_ID}",
    client_credential=BACKEND_CLIENT_SECRET)
obo_token = msal_app.acquire_token_on_behalf_of(
    user_assertion=user_aad_token,  # the user's inbound JWT from the IdP
    scopes=["2ff814a6-3304-4ab8-85cb-cd0e6f879c1d/.default"])  # Databricks resource ID
if "access_token" not in obo_token:  # MSAL returns an error dict rather than raising
    raise RuntimeError(obo_token.get("error_description", "OBO exchange failed"))
databricks_token = obo_token["access_token"]
```

Your agent receives only a short-lived, scoped token injected at request time: no secrets stored anywhere in the agent.