Snowflake S3 OAuth2 Account

In this article

Overview

You can use this account type to connect Snowflake Snaps with data sources that use a Snowflake S3 OAuth2 account. Snowflake OAuth uses Snowflake’s built-in OAuth service to provide OAuth-based authentication.

Prerequisites

Create a Security Integration in Snowflake to generate a client ID and a client secret. Learn more about generating a Client ID and a Client Secret in Snowflake.

Limitations and Known Issues

  • If an S3 bucket is specified in the SnapLogic Snowflake Account, the S3 credentials are validated as follows:

    • The S3 access-key ID and S3 secret key specified are used to create an S3 connection.

      • If the S3 access-key ID and S3 secret key are not specified, the Snap will use the IAM role instead.

      • If the Snap is not able to write to the S3 bucket, validation ends with an error stating that the Snap is unable to write to the specified S3 bucket.

    • If the Snap is able to write to (but not delete from) the provided S3 bucket, validation ends with an error indicating that the configuration is not able to delete from the S3 bucket.

    • The S3 AWS token is also validated if specified.

      • Note that only global Security Token Service (STS) regions are supported.

  • If an S3 bucket isn’t specified in the SnapLogic Account, no validation of S3 credentials occurs.

Account Settings

  • Asterisk (*): Indicates a mandatory field.

  • Suggestion icon (): Indicates a list that is dynamically populated based on the configuration.

  • Expression icon (): Indicates whether the value is an expression (if enabled) or a static value (if disabled). Learn more about Using Expressions in SnapLogic.

  • Add icon (): Indicates that you can add fields in the field set.

  • Remove icon (): Indicates that you can remove fields from the field set.

Field Name

Field Type

Description

Field Name

Field Type

Description

Label*

 

Default Value: [None]
ExampleSnowflakeOauth2Account_Test

String

A unique name for your account instance.

 

Client ID*

 

Default Value: N/A
Exampleabcd12345xyz567

String

The OAuth Client ID (to be used for token request) that you obtain from the Snowflake Console when the client is registered. Learn more about How to generate OAuth Client ID and Client secret.

 

Client secret

 

Default Value: N/A
Example<Encrypted>

String

The OAuth Client secret that you obtain from the Snowflake Console. 

 

Access token*

 

Default Value: N/A
Example857426

String

Auto-generated upon account authorization. The access token is used to make API requests on behalf of the user associated with the client ID.

 

Refresh token

 

Default Value: N/A
Example857427

String

Auto-generated upon account authorization. The token used to refresh the access token.

To access the API beyond the lifetime of a single access token, your application can obtain a refresh token. The application stores the refresh token for future use and automatically refreshes the access token before it expires.

Access token expiration

 

Default Value: N/A
Example6541

Integer

Auto-generated upon account authorization. The number of seconds after which the access token expires.

We recommend that you set the oauth_refresh_token_validity to 7776000 seconds when creating the Security Integration in Snowflake as this is the maximum time Snowflake allows for getting refresh tokens.

Header authenticated

 

Default Value: Deselected
Example: N/A

Checkbox

Select this checkbox to enable the endpoint's bearer header authentication.

 

OAuth2 authorization endpoint*

 

Default Value: N/A
Example: https://myaccount.snowflakecomputing.com/oauth/authorize

String

Specify the endpoint in this format https://<account_identifier>.snowflakecomputing.com/oauth/authorize to authorize the application.
Account identifier is the full name of your account that is provided by Snowflake.

 

OAuth2 token endpoint*

 

Default Value: N/A
Example: https://myaccount.snowflakecomputing.com/oauth/token-request

String

Specify the OAuth2 token in this format https://<account_identifier>.snowflakecomputing.com/oauth/token-request to get the access token.

 

Grant type

 

Default Valueauthorization_code
Exampleclient_credentials

Dropdown list

Select one of the following Grant types for authorization:

  • password: Obtains access token using your login credentials (username and password). When selected, it populates the following fields:

    • Username: Enter the username of the account type.

    • Password: Enter the password of the account type.

  • authorization_code: Authentication using credentials (username and password), which return to the client through a redirect URL. The application then receives the authorization code from the URL and uses it to request an access token.

  • client_credentials: Obtains an access token for the client ID and client secret through the token endpoint URL.

Token endpoint config

Use this field set to define custom properties for the OAuth2 token endpoint. This endpoint returns access tokens or refresh tokens depending on the request parameters.

Token endpoint parameter

 

Default Value: N/A
Exampleredirect_uri

String

Specify the parameter for the token endpoint.

 

Token endpoint parameter value

 

Default Value: N/A
Examplehttps://elastic.snaplogic.com/api/1/snowflake/admin/oauth2callback/snowflake

String

Specify the value for the token endpoint parameter.

 

Auth endpoint config

Use this field set to define custom properties for the OAuth2 authentication endpoint.

Authentication parameter

 

Default Value: N/A
Exampleredirect_uri

String

Specify the parameter for OAuth2 authentication.

 

Authentication parameter value

 

Default Value: N/A
Examplehttps://elastic.snaplogic.com/api/1/snowflake/admin/oauth2callback/snowflake

String

Specify the value for the OAuth2 authentication parameter.

 

Auto-refresh token

 

Default ValueDeselected 

Checkbox

Select this checkbox to enable auto-refresh of the access token before it expires.

 

Account properties

JDBC JARs*

Use this field set to add a list of JDBC JAR files to be loaded. By default, the Snowflake account is bundled with the JDBC driver version 3.16.0. However, you can add a custom JAR file.

Click + to add a new row for each JDBC JAR file. Add each JAR file in a separate row. See Downloading the JDBC Driver for more information about JDBC drivers and downloading the appropriate driver for your account.

JDBC Driver

Default Value: N/A
Examplesnowflake-jdbc-3.16.0.jar

String

Specify the fully-qualified name of the JDBC driver to be used for connecting to the server.

Hostname*

 

Default value: None
Example: demo.snowflake.net

String

Specify the hostname of the Snowflake server to which you want to connect the new account.

Port Number*

 

Default value: 443 
Example: 332

Integer

Specify the port number associated with the Snowflake database server that you must use for this account.

 

Database name*

 

Default value: None
Example: TestDB

String

Specify the name of the database to which you want to connect.

 

Warehouse name*

 

Default value: None
Example: SW_WH

String

Specify the name of the warehouse to which you want to connect.

 

JDBC Driver Class

 

Default Valuenet.snowflake.client.jdbc.SnowflakeDriver
Examplenet.snowflake.client.jdbc.SnowflakeDriver

String

Specify the JDBC driver class to use.

 

S3 Bucket

 

Default Value: N/A
Example: sl-bucket-ca

String

Specify the name of the