Skip to main content

Get current user

This recipe gets information about the user accessing this Databricks App from their HTTP headers.

Code snippet

app.py
import reflex as rx
from databricks.sdk import WorkspaceClient
import json
import asyncio
import logging


class GetCurrentUserState(rx.State):
    header_email: str = ""
    header_username: str = ""
    header_user: str = ""
    header_ip: str = ""
    header_token: str = ""
    user_id: str = ""
    user_name: str = ""
    user_display_name: str = ""
    user_active: bool = False
    user_external_id: str = ""
    groups_count: int = 0
    entitlements_count: int = 0
    all_headers_json: str = ""
    user_json: str = ""
    is_loading: bool = False
    error_message: str = ""

    @rx.event(background=True)
    async def get_user_headers(self):
        async with self:
            self.is_loading = True
            self.error_message = ""
            headers = self.router.headers
            # Convert HeaderData to dict safely
            try:
                headers_dict = {k: v for k, v in vars(headers).items() if not k.startswith('_')}
            except Exception:
                headers_dict = {}
            self.all_headers_json = json.dumps(headers_dict, indent=2)

            self.header_email = getattr(headers, "x_forwarded_email", "")
            self.header_username = getattr(
                headers, "x_forwarded_preferred_username", ""
            )
            self.header_user = getattr(headers, "x_forwarded_user", "")
            self.header_ip = getattr(headers, "x_real_ip", "")
            self.header_token = getattr(headers, "x_forwarded_access_token", "")
        try:
            if self.header_token:
                loop = asyncio.get_running_loop()

                def fetch_user_info(token):
                    w = WorkspaceClient(token=token, auth_type="pat")
                    return w.current_user.me()

                me = await loop.run_in_executor(
                    None, fetch_user_info, self.header_token
                )
                async with self:
                    self.user_id = me.id
                    self.user_name = me.user_name or ""
                    self.user_display_name = me.display_name or ""
                    self.user_active = me.active
                    self.user_external_id = me.external_id or ""
                    self.groups_count = len(me.groups) if me.groups else 0
                    self.entitlements_count = len(me.entitlements) if me.entitlements else 0
                    self.user_json = json.dumps(me.as_dict(), indent=2)
            else:
                async with self:
                    pass
        except Exception as e:
            logging.exception(f"Error fetching current user: {e}")
            async with self:
                self.error_message = f"Error fetching user info: {e}"
        finally:
            async with self:
                self.is_loading = False
info

This sample requires on-behalf-of-user authentication to be enabled for your app to access the X-Forwarded-Access-Token header. Without this, you will only have access to basic user information from the headers, not the detailed information from the Databricks API. Without the user token present, w.current_user.me() will return information about the app service principal.

Resources

No Databricks resources are required for this recipe.

Permissions

No permissions configuration required for accessing headers. To use the current_user.me() API, the app must be configured with on-behalf-of-user authentication.

Dependencies

requirements.txt
databricks-sdk
reflex