Snowflake OAuth Integration
If you wish to use Snowflake's built-in OAuth capabilities to provide OAuth-based authentication for your users when they query Snowflake from Row Zero, follow the steps below. The corresponding Snowflake documentation is here and here. You will need administrator priviledges in order to configure these settings in your Snowflake account.
CREATE SECURITY INTEGRATION "Row Zero" TYPE = OAUTH ENABLED = TRUE OAUTH_CLIENT = CUSTOM OAUTH_CLIENT_TYPE = 'CONFIDENTIAL' OAUTH_REDIRECT_URI = 'https://oauth.rowzero.io/oauth/authorization-code/1' OAUTH_ENFORCE_PKCE = TRUE ;
Note: It is important to use the name "Row Zero" because Snowflake uses the security integration name as a display name that it shows to users when they are signing in to Snowflake, like this:
After the create statement succeeds, you will need to run two Snowflake queries to obtain information about your security integration:
DESCRIBE SECURITY INTEGRATION "Row Zero";
SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('Row Zero');
Once you have the above information, contact us at Row Zero so we can schedule a meeting to configure the OAuth integration on our end.
This is the information that we will need from you:
- Your Snowflake account identifier (see here). It'll look like
ORGNAME-ACCOUNTNAME
. - The following three values from the
DESCRIBE SECURITY INTEGRATION
result:OAUTH_CLIENT_ID
OAUTH_AUTHORIZATION_ENDPOINT
OAUTH_TOKEN_ENDPOINT
- The client secrets from the
SHOW_OAUTH_CLIENT_SECRETS
result. Do not share this via email or other unsecured means. We will give you a secure way to provide your secret.