- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-22-2025 04:02 AM
Hi All,
We are using on-behalf of user authorization method for our app and the x-forwarded-access-token is expiring after sometime and we have to redeploy our app to rectify the issue. I am not sure what is the issue or how we can keep the token alive. There is nothing mentioned in the documentation which i have shared below please have a look and tell me if i need to check anything or correct anything.
Link: OBO user-authorization in databricks apps
The App Logs:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-17-2025 08:43 AM
Hi @Upendra_Dwivedi , are you still facing this issue?
The x-forwarded-access-token your app receives is the current user’s access token that Databricks forwards in HTTP headers for on‑behalf‑of‑user access. You should read it from the request on each call and pass it to downstream SDKs/connectors, rather than trying to have it persist.
You don’t need to redeploy the app when tokens change. Redeploys are only required when you enable/disable User authorization or change scopes; in those cases Databricks requires an app restart to apply the new authorization model.
How to fix
Do not cache the token or connection. Read x-forwarded-access-token per request and create a new DBSQL connection for that request; close it after executing the query. This avoids stale JWTs on connection reuse.
Use App authorization for long‑running/background work. For tasks that shouldn’t depend on a user session, call Databricks with the app’s service principal (OAuth client ID/secret injected as env vars), not the user’s token. This eliminates user-token expiry for those paths.
(see other resources/examples at github.com/databricks/app-templates and apps-cookbook.dev/)
If you have further questions please ask, but if this response helps you resolve the issue, then click the "Accept as Solution" button to let us know!
-James
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-13-2026 02:20 AM
I am confronted with a similar error. I am also using obo user auth and have implemented accessing the token via
What am i doing wrong? I also close the connection after each query, so stale connections should not be the cause for this behaviour