Code link: https://github.com/databricks/databricks-ai-bridge/blob/main/databricks_mcp/src/databricks_mcp/connector.py#L511-L513
Our backend is correctly rejecting Databricks MCP connections, as the request contains the client_id/client_secret in both the Authorization header and the body form post, which is in violation of OAuth 2.0: https://datatracker.ietf.org/doc/html/rfc6749#section-2.3
This behavior should be at most header or body, never both at the same time.
Code link: https://github.com/databricks/databricks-ai-bridge/blob/main/databricks_mcp/src/databricks_mcp/connector.py#L511-L513
Our backend is correctly rejecting Databricks MCP connections, as the request contains the client_id/client_secret in both the Authorization header and the body form post, which is in violation of OAuth 2.0: https://datatracker.ietf.org/doc/html/rfc6749#section-2.3
This behavior should be at most header or body, never both at the same time.