OAuth Integration

Configuration can be provided to the Snowflake Object Lifecycle Engine for the following operation on OAuth integrations:

  • Manage the lifecycle of new and existing OAuth integrations.

Supported Parameters

The engine supports the parameters listed below.

  • OAUTH_CLIENT: Specifies the OAuth client type.
    • REQUIRED
    • Configuration key: oauth_client
    • Data Type: String
  • COMMENT: Specifies a comment for the OAuth integration.
    • Configuration key: comment
    • Data Type: String
  • BLOCKED_ROLES_LIST: List of roles that a user cannot explicitly consent to using after authenticating. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN: they are already implicitly enforced, and listing them will cause in-place updates.
    • Configuration key: blocked_roles_list
    • Data Type: Set/List of String
  • ENABLED: Specifies whether this OAuth integration is enabled or disabled.
    • Configuration key: enabled
    • Data Type: Boolean
  • OAUTH_ISSUE_REFRESH_TOKENS: Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired.
    • Configuration key: oauth_issue_refresh_tokens
    • Data Type: Boolean
  • OAUTH_REFRESH_TOKEN_VALIDITY: Specifies how long refresh tokens should be valid (in seconds). OAUTH_ISSUE_REFRESH_TOKENS must be set to TRUE.
    • Configuration key: oauth_refresh_token_validity
    • Data Type: Number
  • OAUTH_USE_SECONDARY_ROLES: Specifies whether default secondary roles set in the user properties are activated by default in the session being opened.
    • Configuration key: oauth_use_secondary_roles
    • Data Type: String
  • NAMESPACING: Specifies whether a prefix, a suffix, or both are added to the OAuth Integration name.
    • Configuration key: namespacing
    • Data Type: String
    • Possible Values:
      • none
      • prefix
      • suffix
      • both (Default)
  • ENVIRONMENT: Specifies the environment in which the OAuth Integration is managed. A regex can be provided as well.
    • Configuration key: environment
    • Data Type: String
  • MANAGE_MODE: Configures what properties to manage for the OAuth Integration.
    • Configuration key: manage_mode
    • Data Type: String
    • Possible Values:
      • none
      • grants
      • all (Default)
  • GRANTS: Map of privileges on the current OAuth Integration to the list of roles each privilege is granted to.
    • Configuration key: grants
    • Data Type: Map

Supported OAuth Integration Grants to Roles

The following privileges can be granted to roles in the OAuth integration definition:

  • ALL PRIVILEGES
  • USAGE
  • USE_ANY_ROLE
  • OWNERSHIP

Basic syntax

oauth_integrations:
  <oauth_integration-name>:
    <configuration-key>: <value>
    grants:
      <privilege>:
        - <role-name>
        - <role-name>

Example

oauth_integrations:
  OAUTH_INTEGRATION_1:
    grants:
      USAGE:
        - ROLE_1
    comment: "Test oauth 1"
    oauth_client: TABLEAU_DESKTOP
    enabled: false
    oauth_issue_refresh_tokens: false
    oauth_refresh_token_validity: 3600
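
The constraints listed under Supported Parameters and Supported OAuth Integration Grants to Roles can be checked before a configuration reaches the engine. The linter below is an added example, not part of the engine or its documentation; it assumes the YAML has already been loaded into a Python dict, and the function names and sample integrations are hypothetical.

```python
# Added example: lint a parsed `oauth_integrations` mapping against this page's rules.
IMPLICIT_BLOCKED = {"ACCOUNTADMIN", "ORGADMIN", "SECURITYADMIN"}
ALLOWED = {
    "namespacing": {"none", "prefix", "suffix", "both"},
    "manage_mode": {"none", "grants", "all"},
}
PRIVILEGES = {"ALL PRIVILEGES", "USAGE", "USE_ANY_ROLE", "OWNERSHIP"}


def lint_integration(name, cfg):
    """Return findings for one integration definition (a dict of configuration keys)."""
    out = []
    if not isinstance(cfg.get("oauth_client"), str) or not cfg["oauth_client"].strip():
        out.append(f"{name}: oauth_client is required")
    redundant = IMPLICIT_BLOCKED & {str(r).upper() for r in cfg.get("blocked_roles_list") or []}
    if redundant:
        out.append(f"{name}: blocked_roles_list has implicitly blocked roles {sorted(redundant)}")
    # The page requires refresh tokens to be issued before a validity period is set.
    if "oauth_refresh_token_validity" in cfg and cfg.get("oauth_issue_refresh_tokens") is not True:
        out.append(f"{name}: oauth_refresh_token_validity set without oauth_issue_refresh_tokens: true")
    for key, allowed in ALLOWED.items():
        if key in cfg and cfg[key] not in allowed:
            out.append(f"{name}: {key}={cfg[key]!r} not in {sorted(allowed)}")
    grants = cfg.get("grants") or {}
    for privilege, roles in grants.items():
        if str(privilege).upper() not in PRIVILEGES:
            out.append(f"{name}: unsupported privilege {privilege!r}")
        if not isinstance(roles, list) or not roles:
            out.append(f"{name}: grants.{privilege} must be a non-empty list of roles")
    return out


def lint_config(config):
    """Lint every entry under the top-level oauth_integrations key."""
    findings = []
    for name, cfg in (config.get("oauth_integrations") or {}).items():
        findings.extend(lint_integration(name, cfg or {}))
    return findings


# Constructed sample input (what a YAML loader would return); names are hypothetical.
SAMPLE = {"oauth_integrations": {
    "OAUTH_GOOD": {"oauth_client": "TABLEAU_DESKTOP", "enabled": True,
                   "oauth_issue_refresh_tokens": True, "oauth_refresh_token_validity": 3600,
                   "grants": {"USAGE": ["ROLE_1"]}},
    "OAUTH_BAD": {"blocked_roles_list": ["SECURITYADMIN", "ROLE_2"], "namespacing": "infix",
                  "oauth_refresh_token_validity": 3600, "grants": {"MONITOR": []}},
}}
```

Calling lint_config(SAMPLE) returns one finding per violated rule for OAUTH_BAD and none for OAUTH_GOOD.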