TLDR: For Databricks App-to-App communication, you should use the client app's automatically provisioned Service Principal rather than On-Behalf-Of (OBO) user authentication to avoid interactive OAuth consent redirects.
Why Your Local Approach Fails in Deployment When relying on OBO user authentication, the platform requires the user to interactively grant consent via a browser redirect the first time they use the application. While this works when you are actively navigating an interface, an app-to-app background connection cannot process this interactive UI redirect, which causes the deployment to fail.
Recommendation: Databricks Apps are natively designed with automatically managed Service Principals specifically built for secure app-to-app communication. Every time an app is created, it is automatically assigned a dedicated Service Principal.
To fix your deployment:
Use M2M Authentication: Configure your client Databricks App to authenticate to the server Databricks App using its dedicated Service Principal instead of passing through an OBO user token.
Grant Access: Ensure you grant the client app's Service Principal the proper access permissions to hit the backend server app's API.
Please accept the solution if my recommendation worked for you.
