Snowflake
Configuring a Snowflake OAuth integration in Posit Connect involves two main steps, each performed by different administrators.
- Step 1: A Snowflake administrator registers an OAuth application in Snowflake.
- Step 2: A Posit Connect administrator creates an OAuth integration within Connect.
This guide walks through both steps of this process, providing the necessary information for each administrator role.
Step 1: Snowflake administrator
Register OAuth application in Snowflake
The Snowflake administrator registers an OAuth Application in Snowflake.
The Snowflake administrator adds a redirect_uri for the OAuth application. This redirect is where Snowflake sends the user’s OAuth credentials at the end of the OAuth handshake. This allows Posit Connect to obtain a temporary access token and refresh token from Snowflake, which is then used to access protected resources on behalf of the user.
Connect currently only supports integrations which target Confidential Snowflake OAuth applications. Confidential applications require clients to authenticate with a client secret.
The following example uses Snowflake SQL’s CREATE SECURITY INTEGRATION command to create a new OAuth application. Replace connect.example.org with the address of the Connect server.
CREATE SECURITY INTEGRATION POSIT_CONNECT
TYPE = OAUTH
ENABLED = TRUE
OAUTH_CLIENT = CUSTOM
OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'
OAUTH_REDIRECT_URI = 'https://connect.example.org/__oauth__/integrations/callback'
OAUTH_ALLOW_NON_TLS_REDIRECT_URI = FALSE
OAUTH_ISSUE_REFRESH_TOKENS = TRUETo obtain the client ID and secret, use the following command:
SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('POSIT_CONNECT');Transfer information to Connect administrator
The Snowflake administrator shares the following information with the Posit Connect administrator:
| Field | Description |
|---|---|
account_url |
URL of your Snowflake account. |
client_id |
The client ID obtained by querying the security integration. |
client_secret |
The client secret obtained by querying the security integration. |
scopes |
The permissions requested by Connect. See the Snowflake OAuth documentation for information on supported scopes. |
Step 2: Posit Connect administrator
Create OAuth integration in Posit Connect
Using the information from the Snowflake administrator, the Posit Connect administrator creates an integration through the dashboard’s System > Integrations settings. Once the OAuth integration has been created in Connect, it is available for use by all publishers.
Alternatively, the example below shows how to create a Snowflake OAuth integration using curl and the Connect Server API.
Replace - connect.example.org with the address of the Connect server. - https://myorg-account_xyz.snowflakecomputing.com with the Snowflake account URL.
Terminal
curl -H "Authorization: Key ${CONNECT_API_KEY}" \
-XPOST https://connect.example.org/__api__/v1/oauth/integrations \
--data '{
"template": "snowflake",
"name": "Snowflake OAuth integration",
"description": "A helpful description for publishers to use when choosing an OAuth integration for their content.",
"config": {
"account_url": "https://myorg-account_xyz.snowflakecomputing.com",
"client_id": "<snowflake-client-id>",
"client_secret": "<snowflake-client-secret>"
}
}'
# 200 OK
# {"guid": "<oauth-integration-guid>", ... }