OAuth Integration

You can provide configuration to the Snowflake Object Lifecycle Engine for the following operation on OAuth integrations:

  • Manage the lifecycle of new and existing OAuth integrations



We have introduced SOLE for Data Products as a new framework for SOLE to help you easily build an ecosystem of data products. Learn more about SOLE for Data Products which is currently available as a private preview.

<configuration-key>: <value>
- <role-name>
- <role-name>

Supported parameters

The engine supports the parameters listed below.

| Configuration Key | Required / Optional | Data Types and Values | Description |
|---|---|---|---|
| oauth_client | Required | String | Specifies the OAuth client type |
| blocked_roles_list | Optional | Set/List of String | List of roles that a user cannot explicitly consent to use after authenticating. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates. |
| comment | Optional | String | Specifies a comment for the OAuth integration |
| deleted | Optional | Boolean: True enables deletion prevention, False does nothing | Specifies what objects are allowed to be deleted |
| enabled | Optional | Boolean | Specifies whether this OAuth integration is enabled or disabled |
| environment | Optional | String | Specify the environment in which the OAuth integration is managed. Regex can be provided as well |
| grants | Optional | Map: See Supported OAuth Integration Grants to Roles | List of Privileges and Roles to which privileges are granted on the current OAuth integration |
| manage_mode | Optional | Enumeration: all (default), none, grants | Configures what properties to manage for the OAuth integration. See Changing Manage Mode before changing the value. |
| namespacing | Optional | Enumeration: both (default), prefix, suffix, none | Specify whether prefix or suffix or both are to be added to OAuth integration name |
| oauth_issue_refresh_tokens | Boolean | List of String | Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired |
| oauth_refresh_token_validity | Optional | Number | Specifies how long refresh tokens should be valid (in seconds). oauth_issue_refresh_tokens must be set to TRUE. |
| oauth_use_secondary_roles | Optional | String | Specifies whether default secondary roles set in the user properties are activated by default in the session being opened |

Supported OAuth integration grants to roles

Following are the privileges you can grant to roles in the OAuth integration definition:



- ROLE_1
comment: "Test OAuth 1"
oauth_client: TABLEAU_DESKTOP
enabled: false
oauth_issue_refresh_tokens: false
oauth_refresh_token_validity: 3600
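
The constraints stated in the parameter table (the required oauth_client, the implicitly enforced admin roles, the dependency of oauth_refresh_token_validity on oauth_issue_refresh_tokens, and the two enumerations) can be checked before a definition reaches the engine. The Python lint below is an added example, not part of SOLE or of the original page; the function name, the integration names and the sample definitions are assumptions, and the input is one definition already parsed from YAML into a dict.

```python
IMPLICITLY_BLOCKED = {"ACCOUNTADMIN", "ORGADMIN", "SECURITYADMIN"}
MANAGE_MODES = {"all", "none", "grants"}
NAMESPACING = {"both", "prefix", "suffix", "none"}


def lint_oauth_integration(name, cfg):
    """Return a list of findings; an empty list means no rule was violated."""
    findings = []
    # oauth_client is the only key the table marks as Required.
    if not isinstance(cfg.get("oauth_client"), str) or not cfg["oauth_client"]:
        findings.append(f"{name}: oauth_client is required and must be a string")
    # These roles are already implicitly enforced and cause in-place updates.
    # Assumption: role names are compared case-insensitively.
    blocked = cfg.get("blocked_roles_list") or []
    redundant = sorted({str(r).upper() for r in blocked} & IMPLICITLY_BLOCKED)
    if redundant:
        findings.append(f"{name}: remove from blocked_roles_list: {', '.join(redundant)}")
    # A refresh-token lifetime only applies when refresh tokens are issued.
    if "oauth_refresh_token_validity" in cfg:
        validity = cfg["oauth_refresh_token_validity"]
        if isinstance(validity, bool) or not isinstance(validity, (int, float)):
            findings.append(f"{name}: oauth_refresh_token_validity must be a number of seconds")
        if cfg.get("oauth_issue_refresh_tokens") is not True:
            findings.append(f"{name}: oauth_refresh_token_validity needs oauth_issue_refresh_tokens: true")
    # Enumerated keys; the documented default applies when the key is absent.
    for key, allowed in (("manage_mode", MANAGE_MODES), ("namespacing", NAMESPACING)):
        if key in cfg and cfg[key] not in allowed:
            findings.append(f"{name}: {key} must be one of {sorted(allowed)}")
    return findings


# Constructed samples. The first mirrors the scalar values of the example
# above; the integration names and the second definition are made up.
SAMPLES = {
    "OAUTH_EXAMPLE_1": {
        "blocked_roles_list": ["ROLE_1"],
        "comment": "Test OAuth 1",
        "oauth_client": "TABLEAU_DESKTOP",
        "enabled": False,
        "oauth_issue_refresh_tokens": False,
        "oauth_refresh_token_validity": 3600,
    },
    "OAUTH_EXAMPLE_2": {"blocked_roles_list": ["ROLE_1", "securityadmin"], "manage_mode": "grant"},
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        for finding in lint_oauth_integration(name, cfg):
            print(finding)
```

Run against the first sample, the lint reports that oauth_refresh_token_validity is set while oauth_issue_refresh_tokens is false, which is the combination the parameter table rules out.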