Snowflake S3 OAuth2 Account
In this article
Overview
You can use this account type to connect Snowflake Snaps with data sources that use a Snowflake S3 OAuth2 account. Snowflake OAuth uses Snowflake’s built-in OAuth service to provide OAuth-based authentication.
Prerequisites
Create a Security Integration in Snowflake to generate a client ID and a client secret. Learn more about generating a Client ID and a Client Secret in Snowflake.
Limitations and Known Issues
If an S3 bucket is specified in the SnapLogic Snowflake Account, the S3 credentials are validated as follows:
The S3 access-key ID and S3 secret key specified are used to create an S3 connection.
If the S3 access-key ID and S3 secret key are not specified, the Snap will use the IAM role instead.
If the Snap is not able to write to the S3 bucket, validation ends with an error stating that the Snap is unable to write to the specified S3 bucket.
If the Snap is able to write to (but not delete from) the provided S3 bucket, validation ends with an error indicating that the configuration is not able to delete from the S3 bucket.
The S3 AWS token is also validated if specified.
Note that only global Security Token Service (STS) regions are supported.
If an S3 bucket isn’t specified in the SnapLogic Account, no validation of S3 credentials occurs.
Account Settings
Asterisk (*): Indicates a mandatory field.
Suggestion icon (): Indicates a list that is dynamically populated based on the configuration.
Expression icon (): Indicates whether the value is an expression (if enabled) or a static value (if disabled). Learn more about Using Expressions in SnapLogic.
Add icon (): Indicates that you can add fields in the field set.
Remove icon (): Indicates that you can remove fields from the field set.
Field Name | Field Type | Description | |
---|---|---|---|
Label*  Default Value: [None] | String | A unique name for your account instance.  | |
Client ID*  Default Value: N/A | String | The OAuth Client ID (to be used for token request) that you obtain from the Snowflake Console when the client is registered. Learn more about How to generate OAuth Client ID and Client secret.  | |
Client secret  Default Value: N/A | String | The OAuth Client secret that you obtain from the Snowflake Console.  | |
Access token*  Default Value: N/A | String | Auto-generated upon account authorization. The access token is used to make API requests on behalf of the user associated with the client ID.  | |
Refresh token  Default Value: N/A | String | Auto-generated upon account authorization. The token used to refresh the access token. To access the API beyond the lifetime of a single access token, your application can obtain a refresh token. The application stores the refresh token for future use and automatically refreshes the access token before it expires. | |
Access token expiration  Default Value: N/A | Integer | Auto-generated upon account authorization. The number of seconds after which the access token expires. We recommend that you set the | |
Header authenticated  Default Value: Deselected | Checkbox | Select this checkbox to enable the endpoint's bearer header authentication.  | |
OAuth2 authorization endpoint*  Default Value: N/A | String | Specify the endpoint in this format  | |
OAuth2 token endpoint*  Default Value: N/A | String | Specify the OAuth2 token in this format  | |
Grant type  Default Value: authorization_code | Dropdown list | Select one of the following Grant types for authorization:
| |
Token endpoint config | Use this field set to define custom properties for the OAuth2 token endpoint. This endpoint returns access tokens or refresh tokens depending on the request parameters. | ||
Token endpoint parameter  Default Value: N/A | String | Specify the parameter for the token endpoint.  | |
Token endpoint parameter value  Default Value: N/A | String | Specify the value for the token endpoint parameter.  | |
Authorization endpoint config | Use this field set to define custom properties for the OAuth2 authentication endpoint. | ||
Authentication parameter  Default Value: N/A | String | Specify the parameter for OAuth2 authentication.  | |
Authentication parameter value  Default Value: N/A | String | Specify the value for the OAuth2 authentication parameter.  | |
Auto-refresh token  Default Value: Deselected | Checkbox | Select this checkbox to enable auto-refresh of the access token before it expires.  | |
Account properties | |||
JDBC JARs* | Use this field set to add a list of JDBC JAR files to be loaded. By default, the Snowflake account is bundled with the JDBC driver version 3.16.0. However, you can add a custom JAR file. Click + to add a new row for each JDBC JAR file. Add each JAR file in a separate row. See Downloading the JDBC Driver for more information about JDBC drivers and downloading the appropriate driver for your account. | ||
JDBC driver Default Value:Â N/A | String | Specify the fully-qualified name of the JDBC driver to be used for connecting to the server. | |
Hostname* Â Default value: None | String | Specify the hostname of the Snowflake server to which you want to connect the new account. | |
Port number* Â Default value: 443Â | Integer | Specify the port number associated with the Snowflake database server that you must use for this account. Â | |
Database name* Â Default value: None | String | Specify the name of the database to which you want to connect. Â | |
Warehouse name* Â Default value: None | String | Specify the name of the warehouse to which you want to connect. Â | |
JDBC driver class  Default Value: net.snowflake.client.jdbc.SnowflakeDriver | String | Specify the JDBC driver class to use.  | |
S3 bucket  Default Value: N/A | String | Specify the name of the S3 bucket that you want to use for staging data to Snowflake. | |
S3 folder  Default Value: N/A | String/Expression | Specify the relative path to a folder in the S3 bucket listed in the S3 Bucket field. This is used as a root folder for staging data to Snowflake.  | |
S3 access-key ID  Default Value: N/A | String/Expression | Specify the S3 access key ID that you want to use for AWS authentication.  | |
S3 secret key  Default Value: N/A | String/Expression | Specify the S3 secret key associated with the S3 Access-ID key listed in the S3 Access-key ID field.  | |
S3 AWS token  Default Value: None | String/Expression | Specify the S3 AWS Token to connect to private and protected Amazon S3 buckets. Note that only global Security Token Service (STS) regions are supported. | |
S3 storage integration  Default Value: N/A | String/Expression | Specify the predefined storage integration that is used to authenticate the Amazon S3 bucket hosting as an external stage. | |
Advanced properties | |||
URL properties | Use this field set to define the account parameter's name and its corresponding value. Click to add the parameters and the corresponding values. | ||
URL property name Default Value: N/A | String | Specify the name of the parameter for the URL property.  | |
URL property value Default Value: N/A | String | Specify the value for the URL property parameter.  | |
Batch size*  Default Value: N/A | Integer | Specify the number of Snowflake queries that you want to execute in a batch.
| |
Fetch size*  Default Value: 100 | Integer | Specify the number of rows a query must fetch for each execution. | |
Min pool size*  Default Value: 3 | Integer | Specify the minimum number of idle connections that you want the pool to maintain at a time.  | |
Max pool size*  Default Value: 15 | Integer | Specify the maximum number of connections that you want the pool to maintain at a time.  | |
Max lifetime (minutes)*  Default Value: 60 | Integer | Specify the maximum lifetime of a connection in the pool, in seconds.
Minimum value: 0 | |
Idle timeout (minutes)*  Default Value: 5 | Integer | Specify the maximum amount of time in seconds that a connection is allowed to sit idle in the pool. Minimum value: 0 | |
Checkout timeout (milliseconds)*  Default Value: 10000 | Integer | Specify the maximum time in milliseconds you want the system to wait for a connection to become available when the pool is exhausted. Minimum value: 0 |
Failed to execute query because of SQL compilation error. Â Â | If database usage is not granted for the role, the account validation fails. | Run the following command in Snowflake worksheet:
|
If schema or table usage is not granted for the role, the account validation fails. | Run the following command in Snowflake worksheet based on requirements: GRANT USAGE ON SCHEMA SNAPDEV.CUSTOMER TO ROLE public
(or)
GRANT ALL ON TABLE SNAPDEV.CUSTOMER.TEST TO ROLE public; |
Snap Pack History
Related Content
Configuring Security Integration in Snowflake to use in Snowflake OAuth2 Accounts
Configure Snowflake OAuth for Custom Clients — Snowflake Documentation
Have feedback? Email documentation@snaplogic.com | Ask a question in the SnapLogic Community
© 2017-2024 SnapLogic, Inc.