Databricks Community

Hi @excavator-matt,

The Databricks documentation page "Connect clients to MCP servers" covers OAuth setup for several popular MCP clients. VS Code with GitHub Copilot is not yet listed as a named example on that page, but the approach that works is the same pattern used for Cursor and Windsurf, which relies on the mcp-remote npm package to proxy the OAuth flow.

Here is the end-to-end walkthrough:

STEP 1: CREATE A DATABRICKS OAUTH APP

In your Databricks account console, go to Settings > App Connections > Add connection. Configure it as follows:

- Name: something descriptive, e.g. vscode-mcp-client
- Redirect URLs: http://localhost:3334/oauth/callback
(this is the default callback port that mcp-remote uses; if you change the port with --callback-port, update the redirect URL to match)
- Client type: Public (uncheck "Generate a client secret")
- Scopes: all-apis (or for tighter permissions use genie, unity-catalog, offline_access)

You can also create it via the Databricks CLI:

databricks account custom-app-integration create --json '{
"name": "vscode-mcp-client",
"redirect_urls": ["http://localhost:3334/oauth/callback"],
"confidential": false,
"scopes": ["all-apis"],
"token_access_policy": {
"access_token_ttl_in_minutes": 60,
"refresh_token_ttl_in_minutes": 10080
}
}'

Note the client_id that is returned.

STEP 2: CONFIGURE VS CODE

VS Code reads MCP server definitions from .vscode/mcp.json in your workspace or from your user-level MCP configuration (open via the command palette: "MCP: Open User Configuration").

Option A: OAuth via mcp-remote (works with all recent VS Code versions)

Add this to your mcp.json:

{
"servers": {
"databricks-sql": {
"command": "npx",
"args": [
"mcp-remote",
"https://<your-workspace-hostname>/api/2.0/mcp/sql",
"--static-oauth-client-info",
"{ \"client_id\": \"<your-oauth-client-id>\" }"
]
}
}
}

Replace <your-workspace-hostname> with your Databricks workspace URL (e.g. adb-1234567890123456.12.azuredatabricks.net) and <your-oauth-client-id> with the client ID from step 1.

When you first invoke a tool from this server, mcp-remote will open a browser window to complete the OAuth login. After you authenticate, the token is cached locally and refreshed automatically.

Option B: Native MCP OAuth (VS Code 1.101+, May 2025 and later)

VS Code 1.101 introduced built-in support for the MCP authorization specification, which means MCP servers that implement OAuth natively can be authenticated without mcp-remote. The Databricks managed MCP endpoints support the streamable HTTP transport with OAuth. If you are on VS Code 1.101 or newer, you can try:

{
"servers": {
"databricks-sql": {
"type": "http",
"url": "https://<your-workspace-hostname>/api/2.0/mcp/sql"
}
}
}

VS Code should detect that the server requires authentication and initiate the OAuth flow automatically using its built-in dynamic client registration. If the workspace requires a pre-registered OAuth app, you may still need to pair this with the mcp-remote approach in Option A.

Option C: PAT-based (your current approach, simplified)

If OAuth is not a hard requirement for your environment right now, your current PAT approach works. In VS Code mcp.json with a streamable HTTP server you can use:

{
"servers": {
"databricks-sql": {
"type": "http",
"url": "https://<your-workspace-hostname>/api/2.0/mcp/sql",
"headers": {
"Authorization": "Bearer ${input:databricksPat}"
}
},
"inputs": [
{
"id": "databricksPat",
"type": "promptString",
"description": "Databricks Personal Access Token",
"password": true
}
]
}
}

Using an input variable avoids hardcoding the PAT in the file.

STEP 3: VERIFY

Open the GitHub Copilot chat in VS Code (Ctrl+Shift+I or Cmd+Shift+I), and you should see the Databricks MCP tools available. You can test by asking Copilot a question that triggers the SQL tool, such as "List all tables in the main catalog."

WHICH MCP SERVER URL TO USE

The same approach works for any of the managed MCP server endpoints:

- Databricks SQL: /api/2.0/mcp/sql
- Vector Search: /api/2.0/mcp/vector-search/{catalog}/{schema}/{index_name}
- Genie Space: /api/2.0/mcp/genie/{genie_space_id}
- Unity Catalog Functions: /api/2.0/mcp/functions/{catalog}/{schema}/{function_name}

Just swap the URL in the configuration above.

REFERENCES

- Connect clients to MCP servers: https://docs.databricks.com/aws/en/generative-ai/mcp/connect-external-services
- Managed MCP servers overview: https://docs.databricks.com/aws/en/generative-ai/mcp/managed-mcp
- VS Code MCP server configuration: https://code.visualstudio.com/docs/copilot/chat/mcp-servers
- VS Code 1.101 release notes (MCP auth support): https://code.visualstudio.com/updates/v1_101

* This reply used an agent system I built to research and draft this response based on the wide set of documentation I have available and previous memory. I personally review the draft for any obvious issues and for monitoring system reliability and update it when I detect any drift, but there is still a small chance that something is inaccurate, especially if you are experimenting with brand new features.

@SteveOstrowski: Sorry for the late reply.

Thank you for the detailed description. I now also see that the official guide has been updated (Mar 18, 2026) and I find it much easier to follow.

A lot have happened since I wrote the post. We switched from Copilot to Claude Code as our primary tool and we also found the official skills.

We were really confused by the Claude Connector vs Claude Code, but the new version makes it easy and I can confirm that I get this working.

I mention, I can get the PAT version for Copilot and VSCode working (option C). Unfortunately, I still don't get Option A or Option B working for Copilot and VSCode (Version: 1.112.0) :(.

I am trying one of my genie spaces. Option B seems to have more and more localhosts ports (http://127.0.0.1:63163 etc), but it only reveals what it needs after I have created the OAuth app and it can no longer be modifed.

For option A I get a strange error message that a client id that looks like a client secret isn't available

{"error_description":"OAuth application with client_id: 'dose2***' not available in Databricks account '6***'.","error":"invalid_request"}

I have Claude Code and my skills, the original question is still unresolved for me. Maybe I can revisit this with customer support. Last time they spammed bot replies until I gave up, but perhaps better luck this time.

Hi excavator-matt,

Thanks for the follow-up and glad to hear you got Option C (PAT-based) working with Copilot and VSCode, and that you have moved to Claude Code with the official skills.

Regarding the issues with Options A and B:

• Option A (OAuth U2M) — The error about the client_id not being available typically means the OAuth app was registered in a different account than the workspace you are targeting, or the client ID/secret values were swapped. Double-check that the OAuth app is registered in the correct Databricks account and that you are copying the client ID (not the secret) into the MCP config.
• Option B (OAuth with localhost redirect) — The multiple localhost ports issue is a known friction point. Each time you re-authenticate, it may pick a new port, and if the OAuth app redirect URI does not match, it fails. Unfortunately, the OAuth app redirect URIs cannot be modified after creation — you would need to create a new OAuth app with all the ports pre-registered, or use a wildcard localhost redirect if supported.

Since you have Claude Code working well with skills, that is likely the best path forward. If you still need Copilot/VSCode integration, Option C with PAT remains the most reliable approach for now.

Sources:

• Databricks MCP Server Documentation