Snowflake
Register OAuth application in Snowflake
The Snowflake administrator registers an OAuth Application in Snowflake.
The Snowflake administrator adds a redirect_uri
for the OAuth application. This redirect is where Snowflake sends the user’s OAuth credentials at the end of the OAuth handshake. This allows Posit Connect to obtain a temporary access token and refresh token from Snowflake, which is then used to access protected resources on behalf of the user.
Connect currently only supports integrations which target Confidential
Snowflake OAuth applications. Confidential applications require clients to authenticate with a client secret.
The following example uses Snowflake SQL’s CREATE SECURITY INTEGRATION
command to create a new OAuth application:
Replace connect.example.org
with the address of the Connect server.
CREATE SECURITY INTEGRATION posit-connect
TYPE = OAUTH
= TRUE
ENABLED = CUSTOM
OAUTH_CLIENT = 'CONFIDENTIAL'
OAUTH_CLIENT_TYPE = 'https://connect.example.org/__oauth__/integrations/callback'
OAUTH_REDIRECT_URI = FALSE
OAUTH_ALLOW_NON_TLS_REDIRECT_URI = TRUE OAUTH_ISSUE_REFRESH_TOKENS
To obtain the client ID and secret, use the following command:
'posit-connect' ) SYSTEM$SHOW_OAUTH_CLIENT_SECRETS(
The Snowflake administrator makes note of the client_id
and client_secret
from the registered OAuth application and shares this information with the Posit Connect administrator.
Create OAuth integration in Posit Connect
The Posit Connect administrator creates an OAuth integration through the dashboard’s Integrations settings. Once the OAuth integration has been created in Connect, it is available for use by all publishers.
Alternatively, the example below shows how to create a Snowflake OAuth integration using curl
and the Connect Server API.
Replace connect.example.org
with the address of the Connect server. Replace https://myorg-account_xyz.snowflakecomputing.com
with the Snowflake account URL.
Terminal
curl -H "Authorization: Key ${CONNECT_API_KEY}" \
-XPOST https://connect.example.org/__api__/v1/oauth/integrations \
--data '{
"template": "snowflake",
"name": "Snowflake OAuth integration",
"config": {
"account_url": "https://myorg-account_xyz.snowflakecomputing.com",
"client_id": "<snowflake-client-id>",
"client_secret": "<snowflake-client-secret>"
}
}'
# 200 OK
# {"guid": "<oauth-integration-guid>", ... }