Snowflake S3 OAuth2 Account

Overview

You can use this account type to connect Snowflake Snaps with data sources that use a Snowflake S3 OAuth2 account. Snowflake OAuth uses Snowflake’s built-in OAuth service to provide OAuth-based authentication.

Prerequisites

Create a Security Integration in Snowflake to generate a client ID and a client secret. Learn more about generating a Client ID and a Client Secret in Snowflake.

Limitations and Known Issues

  • If an S3 bucket is specified in the SnapLogic Snowflake Account, the S3 credentials are validated as follows:

    • The S3 access-key ID and S3 secret key specified are used to create an S3 connection.

      • If the S3 access-key ID and S3 secret key are not specified, the Snap will use the IAM role instead.

      • If the Snap is not able to write to the S3 bucket, validation ends with an error stating that the Snap is unable to write to the specified S3 bucket.

    • If the Snap is able to write to (but not delete from) the provided S3 bucket, validation ends with an error indicating that the configuration is not able to delete from the S3 bucket.

    • The S3 AWS token is also validated if specified.

      • Note that only global Security Token Service (STS) regions are supported.

  • If an S3 bucket isn’t specified in the SnapLogic Account, no validation of S3 credentials occurs.
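A pre-flight probe that follows the same write-then-delete order as the validation described above, so a key pair or IAM role can be tested before it is entered in the account. This is an added example, not SnapLogic's validation code; it assumes boto3 is installed, and the probe object name and the StubS3 class are hypothetical.

```python
import uuid

def make_s3_client(access_key_id=None, secret_key=None, session_token=None):
    """Build a boto3 S3 client. With no keys, boto3 falls back to its default
    credential chain (for example an attached IAM role)."""
    import boto3  # imported here so the probe below can also run against a stub
    if access_key_id and secret_key:
        return boto3.client("s3", aws_access_key_id=access_key_id,
                            aws_secret_access_key=secret_key,
                            aws_session_token=session_token)
    return boto3.client("s3")

def check_staging_access(client, bucket, folder=""):
    """Return (ok, message) after a write-then-delete probe under bucket/folder."""
    prefix = folder.strip("/")
    name = f"preflight-{uuid.uuid4().hex}.tmp"  # hypothetical probe object name
    key = f"{prefix}/{name}" if prefix else name
    try:
        client.put_object(Bucket=bucket, Key=key, Body=b"")
    except Exception as exc:  # boto3 raises botocore ClientError on AccessDenied
        return False, f"unable to write to s3://{bucket}/{key}: {exc}"
    try:
        client.delete_object(Bucket=bucket, Key=key)
    except Exception as exc:
        return False, f"able to write but not delete s3://{bucket}/{key}: {exc}"
    return True, f"write and delete succeeded under s3://{bucket}/{prefix}"

class StubS3:
    """Constructed stand-in for an S3 client so the probe runs offline."""
    def __init__(self, can_put=True, can_delete=True):
        self.can_put, self.can_delete, self.objects = can_put, can_delete, set()
    def put_object(self, Bucket, Key, Body):
        if not self.can_put:
            raise PermissionError("AccessDenied: s3:PutObject")
        self.objects.add((Bucket, Key))
    def delete_object(self, Bucket, Key):
        if not self.can_delete:
            raise PermissionError("AccessDenied: s3:DeleteObject")
        self.objects.discard((Bucket, Key))

if __name__ == "__main__":
    # Constructed bucket and folder names; swap a stub for make_s3_client(...) to test real credentials.
    for stub in (StubS3(), StubS3(can_put=False), StubS3(can_delete=False)):
        print(check_staging_access(stub, "sl-bucket-ca", "test"))
```

When the delete step fails, the probe object stays in the bucket and has to be removed with a credential that is allowed to delete.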

Account Settings

  • Asterisk (*): Indicates a mandatory field.

  • Suggestion icon: Indicates a list that is dynamically populated based on the configuration.

  • Expression icon: Indicates whether the value is an expression (if enabled) or a static value (if disabled). Learn more about Using Expressions in SnapLogic.

  • Add icon: Indicates that you can add fields in the field set.

  • Remove icon: Indicates that you can remove fields from the field set.

Field Name

Field Type

Description

Label*

 

Default Value: [None]
Example: SnowflakeOauth2Account_Test

String

A unique name for your account instance.

 

Client ID*

 

Default Value: N/A
Example: abcd12345xyz567

String

The OAuth Client ID (to be used for token request) that you obtain from the Snowflake Console when the client is registered. Learn more about How to generate OAuth Client ID and Client secret.

 

Client secret

 

Default Value: N/A
Example: <Encrypted>

String

The OAuth Client secret that you obtain from the Snowflake Console. 

 

Access token*

 

Default Value: N/A
Example: 857426

String

Auto-generated upon account authorization. The access token is used to make API requests on behalf of the user associated with the client ID.

 

Refresh token

 

Default Value: N/A
Example: 857427

String

Auto-generated upon account authorization. The token used to refresh the access token.

To access the API beyond the lifetime of a single access token, your application can obtain a refresh token. The application stores the refresh token for future use and automatically refreshes the access token before it expires.

Access token expiration

 

Default Value: N/A
Example: 6541

Integer

Auto-generated upon account authorization. The number of seconds after which the access token expires.

We recommend that you set the oauth_refresh_token_validity to 7776000 seconds when creating the Security Integration in Snowflake as this is the maximum time Snowflake allows for getting refresh tokens.

Header authenticated

 

Default Value: Deselected
Example: N/A

Checkbox

Select this checkbox to enable the endpoint's bearer header authentication.

 

OAuth2 authorization endpoint*

 

Default Value: N/A
Example: https://myaccount.snowflakecomputing.com/oauth/authorize

String

Specify the endpoint in this format https://<account_identifier>.snowflakecomputing.com/oauth/authorize to authorize the application.
Account identifier is the full name of your account that is provided by Snowflake.

 

OAuth2 token endpoint*

 

Default Value: N/A
Example: https://myaccount.snowflakecomputing.com/oauth/token-request

String

Specify the OAuth2 token endpoint in this format https://<account_identifier>.snowflakecomputing.com/oauth/token-request to get the access token.

 

Grant type

 

Default Value: authorization_code
Example: client_credentials

Dropdown list

Select one of the following Grant types for authorization:

  • password: Obtains access token using your login credentials (username and password). When selected, it populates the following fields:

    • Username: Enter the username of the account type.

    • Password: Enter the password of the account type.

  • authorization_code: Authenticates using credentials (username and password) and returns to the client through a redirect URL. The application then receives the authorization code from the URL and uses it to request an access token.

  • client_credentials: Obtains an access token for the client ID and client secret through the token endpoint URL.

Token endpoint config

Use this field set to define custom properties for the OAuth2 token endpoint. This endpoint returns access tokens or refresh tokens depending on the request parameters.

Token endpoint parameter

 

Default Value: N/A
Example: redirect_uri

String

Specify the parameter for the token endpoint.

 

Token endpoint parameter value

 

Default Value: N/A
Example: https://elastic.snaplogic.com/api/1/snowflake/admin/oauth2callback/snowflake

String

Specify the value for the token endpoint parameter.

 

Authorization endpoint config

Use this field set to define custom properties for the OAuth2 authentication endpoint.

Authentication parameter

 

Default Value: N/A
Example: redirect_uri

String

Specify the parameter for OAuth2 authentication.

 

Authentication parameter value

 

Default Value: N/A
Example: https://elastic.snaplogic.com/api/1/snowflake/admin/oauth2callback/snowflake

String

Specify the value for the OAuth2 authentication parameter.

 

Auto-refresh token

 

Default Value: Deselected 

Checkbox

Select this checkbox to enable auto-refresh of the access token before it expires.

 

Account properties

JDBC JARs*

Use this field set to add a list of JDBC JAR files to be loaded. By default, the Snowflake account is bundled with the JDBC driver version 3.16.0. However, you can add a custom JAR file.

Click + to add a new row for each JDBC JAR file. Add each JAR file in a separate row. See Downloading the JDBC Driver for more information about JDBC drivers and downloading the appropriate driver for your account.

JDBC driver

Default Value: N/A
Example: snowflake-jdbc-3.16.0.jar

String

Specify the fully-qualified name of the JDBC driver to be used for connecting to the server.

Hostname*

 

Default value: None
Example: demo.snowflake.net

String

Specify the hostname of the Snowflake server to which you want to connect the new account.

Port number*

 

Default value: 443 
Example: 332

Integer

Specify the port number associated with the Snowflake database server that you must use for this account.

 

Database name*

 

Default value: None
Example: TestDB

String

Specify the name of the database to which you want to connect.

 

Warehouse name*

 

Default value: None
Example: SW_WH

String

Specify the name of the warehouse to which you want to connect.

 

JDBC driver class

 

Default Value: net.snowflake.client.jdbc.SnowflakeDriver
Example: net.snowflake.client.jdbc.SnowflakeDriver

String

Specify the JDBC driver class to use.

 

S3 bucket

 

Default Value: N/A
Example: sl-bucket-ca

String

Specify the name of the S3 bucket that you want to use for staging data to Snowflake. 

S3 folder

 

Default Value: N/A
Example: sl-bucket-cas3/test

String/Expression

Specify the relative path to a folder in the S3 bucket listed in the S3 Bucket field. This is used as a root folder for staging data to Snowflake.

 

S3 access-key ID

 

Default Value: N/A
Example: NAVRGGRV7EDCFVLKJH

String/Expression

Specify the S3 access key ID that you want to use for AWS authentication.

 

S3 secret key

 

Default Value: N/A
Example: 2RGiLmL/6bCujkKLaRuUJHY9uSDEjNYr+ozHRtg

String/Expression

Specify the S3 secret key associated with the S3 access-key ID specified in the S3 access-key ID field.

 

S3 AWS token

 

Default Value: None
Example: AQoDYXdzEJr

String/Expression

Specify the S3 AWS Token to connect to private and protected Amazon S3 buckets. Note that only global Security Token Service (STS) regions are supported.

S3 storage integration

 

Default Value: N/A
Example: S3_Storage_Integration

String/Expression

Specify the predefined storage integration that is used to authenticate the Amazon S3 bucket hosted as an external stage.

Advanced properties

URL properties

Use this field set to define the account parameter's name and its corresponding value. Click + to add the parameters and the corresponding values.

URL property name

Default Value: N/A
Example: queryTimeout

String

Specify the name of the parameter for the URL property.

 

URL property value

Default Value: N/A
Example: 0

String

Specify the value for the URL property parameter.

 

Batch size*

 

Default Value: N/A
Example: 3

Integer

Specify the number of Snowflake queries that you want to execute in a batch.

  • If the Batch Size is one, the query is executed as-is; that is, the Snap skips the batch (non-batch execution).

  • If the Batch Size is greater than one, the Snap performs the regular batch execution.

Fetch size*

 

Default Value: 100
Example: 12

Integer

Specify the number of rows a query must fetch for each execution.

Min pool size*

 

Default Value: 3
Example: 0

Integer

Specify the minimum number of idle connections that you want the pool to maintain at a time. 

 

Max pool size*

 

Default Value: 15
Example: 0

Integer

Specify the maximum number of connections that you want the pool to maintain at a time.

 

Max lifetime (minutes)*

 

Default Value: 60
Example: 50

Integer

Specify the maximum lifetime of a connection in the pool, in seconds.

  • Ensure that the value you enter is a few seconds shorter than any database or infrastructure-imposed connection time limit.

  • 0 indicates an infinite lifetime, subject to the Idle Timeout value.

  • An in-use connection is never retired. Connections are removed only after they are closed.

Minimum value: 0
Maximum value: No limit

Idle timeout (minutes)*

 

Default Value: 5
Example: 4

Integer

Specify the maximum amount of time in seconds that a connection is allowed to sit idle in the pool. 

Minimum value: 0
Maximum value: No limit

Checkout timeout (milliseconds)*

 

Default Value: 10000
Example: 9000

Integer

Specify the maximum time in milliseconds you want the system to wait for a connection to become available when the pool is exhausted.

Minimum value: 0
Maximum value: No limit
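The Refresh token, Access token expiration, and Auto-refresh token fields above describe refreshing the access token before it expires. The sketch below shows that cycle against the token endpoint format given on this page; it is an added example, not SnapLogic's implementation. The 60-second margin, the account dictionary layout, the function names, and the Basic-header refresh_token request shape are assumptions.

```python
import base64
import time
import urllib.parse
import urllib.request

ALLOWED_SUFFIX = ".snowflakecomputing.com"  # from the endpoint format on this page

def needs_refresh(issued_at, expires_in, now=None, margin=60):
    """True once the access token is within `margin` seconds of expiring."""
    now = time.time() if now is None else now
    return now >= issued_at + expires_in - margin

def build_refresh_request(token_url, client_id, client_secret, refresh_token):
    """Build (without sending) the POST that trades a refresh token for an access token."""
    parts = urllib.parse.urlsplit(token_url)
    host = parts.hostname or ""
    if (parts.scheme != "https" or not host.endswith(ALLOWED_SUFFIX)
            or parts.path != "/oauth/token-request"):
        raise ValueError(f"refusing to send the client secret to {token_url!r}")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode(
        {"grant_type": "refresh_token", "refresh_token": refresh_token}).encode()
    return urllib.request.Request(token_url, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded"})

def apply_token_response(account, payload, now):
    """Update the stored token fields from a token endpoint JSON response."""
    if str(payload.get("token_type", "")).lower() != "bearer" or "access_token" not in payload:
        raise ValueError("not a bearer token response")
    account.update(access_token=payload["access_token"],
                   expires_in=int(payload["expires_in"]), issued_at=now)
    # Keep the stored refresh token unless the response carries a new one.
    account["refresh_token"] = payload.get("refresh_token", account.get("refresh_token"))
    return account

if __name__ == "__main__":
    # Constructed values, reusing the field examples from this page.
    account = {"access_token": "857426", "refresh_token": "857427",
               "expires_in": 6541, "issued_at": 0}
    url = "https://myaccount.snowflakecomputing.com/oauth/token-request"
    if needs_refresh(account["issued_at"], account["expires_in"], now=6500):
        req = build_refresh_request(url, "abcd12345xyz567", "constructed-secret",
                                    account["refresh_token"])
        print(req.get_method(), req.full_url, req.data.decode())
        # Constructed response; a real one comes from urllib.request.urlopen(req).
        apply_token_response(account, {"token_type": "Bearer",
                             "access_token": "constructed-new", "expires_in": 600}, now=6500)
    print(account)
```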

Failed to execute query because of SQL compilation error.

 

 

If database usage is not granted for the role, the account validation fails.

Run the following command in Snowflake worksheet:

GRANT USAGE ON DATABASE SNAPDEV TO ROLE public;

If schema or table usage is not granted for the role, the account validation fails.

Run the following command in Snowflake worksheet based on requirements:

GRANT USAGE ON SCHEMA SNAPDEV.CUSTOMER TO ROLE public;
(or)
GRANT ALL ON TABLE SNAPDEV.CUSTOMER.TEST TO ROLE public;
