# Database passthrough authentication for Databricks

> Set up database passthrough authentication for Databricks using custom OAuth

This guide walks you through setting up [database passthrough authentication](/docs/access-control/database-passthrough-authentication) for Databricks. With this setup, each Holistics user authenticates with their individual Databricks credentials, and queries run under their identity in Databricks.

## Step-by-step setup

### Step 1: register Holistics as a custom OAuth application in Databricks

1. Follow the [Databricks documentation](https://docs.databricks.com/aws/en/integrations/enable-disable-oauth#enable-custom-oauth-applications-using-the-databricks-ui) to enable custom OAuth applications

2. Configure the following settings on the "Add Connection" page:

**Redirect URLs:**

```
https://secure.holistics.io/data_sources/oauth_callback
https://eu.holistics.io/data_sources/oauth_callback
https://us.holistics.io/data_sources/oauth_callback
```

**Note**: If you're using a custom domain e.g. `company.holistics.io`, please add the custom domain to the redirect URLs following the pattern above.
e.g. `https://company.holistics.io/data_sources/oauth_callback`

   **Additional Settings:**
   - **Access Scopes**: All APIs
   - **Client Secret**: Enable "Generate a client secret"
   - **Access Token TTL**: 1440 minutes (24 hours)
   - **Refresh Token TTL**: 129600 minutes (90 days)

3. After creating the application, copy and save both the **Client ID** and **Client Secret** - you'll need these in the next step.

### Step 2: configure passthrough authentication in Holistics

1. Navigate to the **Data Sources** page in Holistics (`/manage/data_sources`)

2. If you don't already have a Databricks data source, add a new data source using your Personal Access Token

3. Enable passthrough authentication by clicking the **"Passthrough"** button on your data source in the listing page

4. Enter the **Client ID** and **Client Secret** from Step 1, then save

### Step 3: connect your database credentials

Each user must authenticate with their individual Databricks account:

1. Go to **My Account** settings (`/users/settings`)
2. Locate the **Database Authentication** section
3. Click to login with your Databricks credentials

## Token expiration behavior

Access tokens expire after 24 hours, and refresh tokens expire after 90 days. Users will be prompted to re-authenticate when their refresh tokens expire.