Embedding Databricks Apps via Proxy
The proxy uses a session-cookie architecture — a short-lived JWT is exchanged for an opaque HttpOnly session cookie, so no Databricks tokens ever appear in URLs, browser storage, or logs. Documentation is organized into dedicated pages below.
Solution Documentation
The embedding architecture and individual solutions are documented separately for easier navigation and more detailed coverage.
⚠️ Production Deployment Warning
The Firefly reference implementation uses path-based cookies on a single shared proxy domain for simplicity. This is suitable for development and demos only.
For production, use wildcard subdomain routing (e.g., app-*.firefly-analytics.com) to ensure full app isolation, strict CORS, and to prevent cross-app cookie contamination. Path-scoping is a browser hint — it is not enforced by the Same-Origin Policy.
See the Embedding Databricks Apps — Production Deployment section for the full guidance and architecture comparison.
Embedding Databricks Apps w/o SSO
Session-cookie proxy architecture: JWT exchange, SPN token management, HttpOnly proxy_sid cookies, WebSocket support, and wildcard domain routing for production.
Notebook Editor
Interactive Python notebooks powered by Marimo with reactive execution and rich outputs.
Code Editor
VS Code-style development environment with terminal access, Git integration, and LSP support.
SQL Editor
Native SQL query interface with warehouse integration, streaming results, and catalog autocomplete.
Data Catalog
Hierarchical Unity Catalog browser with lazy loading, metadata display, and BYOD support.
Pipeline Editor
Visual node-based pipeline designer with drag-and-drop nodes and Delta Live Tables execution.