🏠 Databricks Apps — Native OAuth & UC Integration

Databricks Apps

Host web applications directly on the Databricks platform with automatic OAuth authentication, Unity Catalog integration, and seamless access to workspace resources.

📚 Databricks Apps Docs 📖 Tutorials ⚙️ Configuration
↓ Scroll to explore
📱 STEP 1

What are Databricks Apps?

Databricks Apps is a managed platform for hosting web applications directly within your Databricks workspace.

Build data applications, AI-powered tools, dashboards, and customer-facing apps — all running on serverless compute with built-in security.

Key benefit: No separate infrastructure to manage. Your app inherits Databricks security, authentication, and governance automatically.
🔧 STEP 2

Supported Frameworks

Databricks Apps supports both Python and Node.js frameworks:

  • Streamlit — Data apps & dashboards
  • Dash — Interactive visualizations
  • Gradio — ML/AI demos & chat interfaces
  • React/Angular/Svelte — Custom web apps
Deployment: Push your code → Databricks builds and serves it on serverless infrastructure.
🔐 STEP 3

Native OAuth Authentication

Apps running on Databricks get automatic OAuth — no manual token handling required.

When a user accesses your app, they authenticate through Databricks. The platform provides your app with tokens to access workspace resources on behalf of that user.

Zero configuration: OAuth is handled by the platform. Just use the Databricks SDK in your app code.
🔗 STEP 4

Direct Access to Resources

Your Databricks App can directly access all workspace resources:

  • SQL Warehouses — Run queries on lakehouse data
  • Model Serving — Call deployed ML models & agents
  • Unity Catalog — Browse and query governed tables
  • Jobs & Workflows — Trigger and monitor pipelines
Resources are accessed with the user's identity — UC permissions are enforced automatically.
🛡️ STEP 5

Unity Catalog Integration

Every data access from your app flows through Unity Catalog governance:

  • Permissions — Users only see data they're authorized to access
  • Row filters — Automatic row-level security
  • Column masks — Sensitive data is masked per policy
  • Audit logs — All access is tracked
Build once, govern always: Your app code stays simple while UC handles fine-grained access control.
👤 STEP 6

User Identity Propagation

When a user interacts with your app, their identity flows through to all backend resources:

User → App → SQL Warehouse → UC → Data

This ensures that data access respects each user's permissions — two users using the same app may see different data based on their roles.

Example: A finance user sees all revenue data; a regional manager sees only their region's data — from the same dashboard.
⚖️ STEP 7

vs. External App Hosting

Compare Databricks Apps with hosting your app externally:

  • No token exchange needed — OAuth is automatic vs. manual federation
  • No infrastructure — No VMs, containers, or cloud setup
  • Built-in security — Network isolation, secrets management included
  • Direct UC access — No VPN or firewall configuration
Trade-off: External hosting offers more flexibility; Databricks Apps offers simpler security and governance.
💡 STEP 8

Common Use Cases

Databricks Apps excels for internal and external applications that need secure, governed data access:

  • AI Chat Interfaces — Gradio apps calling deployed agents
  • Data Dashboards — Streamlit apps querying lakehouse
  • Customer-Facing Apps — External apps with user identity
  • Admin & Ops Tools — Internal monitoring & management
Ideal for: Both internal users in your workspace and external users authenticated via your identity provider (Entra ID, Okta, etc.).
🚀 STEP 9

Deployment Workflow

Deploy your app in minutes:

  • 1. Write your app code (Streamlit, Gradio, etc.)
  • 2. Create an app.yaml configuration
  • 3. Use databricks apps deploy CLI
  • 4. Access via https://{workspace}/apps/{app-name}
CI/CD ready: Integrate deployment into your Git workflows for automated app updates.
✅ STEP 10

Summary: Databricks Apps

Databricks Apps provides a managed, secure platform for hosting web applications with:

  • Native OAuth — Automatic authentication, no token handling
  • UC Integration — Permissions, filters, masks enforced
  • User Identity — Per-user data access with audit trail
  • Serverless — No infrastructure to manage
  • Multiple Frameworks — Python & Node.js supported
Best for: Internal and external data apps, AI-powered applications, and dashboards where security, governance, and user identity are priorities.
👤
User
Authenticated
🏠
Databricks Apps
Serverless Platform
📊 Streamlit
📈 Dash
🤖 Gradio
⚛️ React
🔐
OAuth
Automatic
Workspace Resources
🗃️
SQL Warehouse
Queries
🤖
Model Serving
ML & Agents
Jobs
Workflows
📚
Catalog
Browse
🛡️
Unity Catalog Governance
Permissions • Row Filters • Column Masks • Audit
💾
Lakehouse Data
Governed Access
🌐
External App
Needs Token Exchange
Auto Auth
User Identity
Governed