Before deploying a Superblocks App to Databricks, you must configure your Superblocks environment to support the Databricks Apps runtime. This page covers all required setup steps. If any of these steps are skipped or misconfigured, the app may deploy successfully but fail at runtime.Documentation Index
Fetch the complete documentation index at: https://docs.superblocks.com/llms.txt
Use this file to discover all available pages before exploring further.
What you are setting up
A deployed Databricks App runs inside a Databricks workspace. When the app makes Databricks SQL or REST API calls, it typically relies on OAuth On Behalf Of Token Exchange so Databricks can issue the correct access token for the identity accessing the app. To support this cleanly, we recommend that customers use a dedicated data tag for Databricks Apps, along with data tag specific integration configurations for Databricks SQL and Databricks REST API.Prerequisites
To configure the environment, you’ll need the following in Superblocks:- Permission to create and manage data tags
- Permission to manage the Databricks Integrations your application uses
Step 1: Create a dedicated Databricks Apps data tag
Create a dedicated data tag in Superblocks, typically named Databricks Apps. Why this matters:- Databricks Apps require authentication behavior that differs from Superblocks-hosted apps
- Data tag isolation prevents breaking existing apps by mixing incompatible auth methods
- You can change Databricks Apps specific settings without affecting other environments
Step 2: Identify the Databricks token exchange endpoint
Databricks Apps require Superblocks to exchange tokens using the Databricks OIDC token endpoint:Step 3: Configure Databricks SQL integrations
For each Databricks SQL integration used by your app:- Add a configuration scoped to the Databricks Apps data tag
- Set the authentication type to OAuth Token Federation
- Set the subject token source to Login Identity Provider
- Set the Token URL to
https://<your-databricks-workspace>/oidc/v1/token
Step 4: Configure Databricks REST API integration
For each Databricks REST API integration used by your app:- Add a configuration scoped to the Databricks Apps data tag
- Set authentication type to OAuth 2.0: On Behalf Of Token Exchange
- Set subject token source to Login Identity Provider
- Set Subject Token Type to
urn:ietf:params:oauth:token-type:access_token - Set Token URL to
https://<your-databricks-workspace>/oidc/v1/token - Set Scope to
all-apis - Under Headers add
Authorization: Bearer {{ oauth.token }}
Step 5: Set the app’s Production data tag
Before deploying your app to Databricks, set the app’s Production data tag to Databricks Apps. This is required. If the Production data tag is not set correctly, the app will run with the wrong integration configuration and token exchange will fail at runtime. Learn more about how to set your app’s Production data tag.Step 6: Verify the environment before deployment
Before deploying, confirm the following:Integration verification
- Databricks SQL integration has a configuration for the Databricks Apps data tag
- Databricks REST API integration has a configuration for the Databricks Apps data tag
- All integrations use the Databricks OIDC token endpoint
- Databricks REST API integration scope is all-apis
- The
AuthorizationHeader is configured in your Databricks REST API integration
Data tag verification
- The Databricks Apps data tag exists and is selected as the app’s Production data tag
- If self-hosting, your agents are tagged to support the Databricks Apps data tag
Access verification
- The Databricks identity used at runtime has access to required SQL warehouses
- The Databricks identity used at runtime has permission to call required REST APIs
Next steps
- Learn how Authentication works for Databricks Apps
- Deploy your app to Databricks Apps