OAuth Integration
Configuration can be provided to Snowflake Object Lifecycle Engine for the following operation with OAuth Integration:
- Manage lifecycle of new and existing OAuth Integration.
Supported Parameters
The engine supports the parameters listed below.
- OAUTH_CLIENT: Specifies the OAuth client type.
  - REQUIRED
  - Configuration key: oauth_client
  - Data Type: String
- COMMENT: Specifies a comment for the OAuth integration.
  - Configuration key: comment
  - Data Type: String
- BLOCKED_ROLES_LIST: List of roles that a user cannot explicitly consent to using after authenticating. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
  - Configuration key: blocked_roles_list
  - Data Type: Set/List of String
- ENABLED: Specifies whether this OAuth integration is enabled or disabled.
  - Configuration key: enabled
  - Data Type: Boolean
- OAUTH_ISSUE_REFRESH_TOKENS: Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired.
  - Configuration key: oauth_issue_refresh_tokens
  - Data Type: Boolean
- OAUTH_REFRESH_TOKEN_VALIDITY: Specifies how long refresh tokens should be valid (in seconds). OAUTH_ISSUE_REFRESH_TOKENS must be set to TRUE.
  - Configuration key: oauth_refresh_token_validity
  - Data Type: Number
- OAUTH_USE_SECONDARY_ROLES: Specifies whether default secondary roles set in the user properties are activated by default in the session being opened.
  - Configuration key: oauth_use_secondary_roles
  - Data Type: String
- NAMESPACING: Specifies whether a prefix, a suffix, or both are added to the OAuth Integration name.
  - Configuration key: namespacing
  - Data Type: String
  - Possible Values: none, prefix, suffix, both (Default)
- ENVIRONMENT: Specifies the environment in which the OAuth Integration is managed. A regex can be provided as well.
  - Configuration key: environment
  - Data Type: String
- MANAGE_MODE: Configures what properties to manage for the OAuth Integration.
  - Configuration key: manage_mode
  - Data Type: String
  - Possible Values: none, grants, all (Default)
- GRANTS: Privileges on the current OAuth Integration and the roles to which each privilege is granted.
  - Configuration key: grants
  - Data Type: Map
Basic Syntax
oauth_integrations:
  <oauth-integration-name>:
    <configuration-key>: <value>
Example
oauth_integrations:
  OAUTH_INTEGRATION_1:
    grants:
      USAGE:
        - ROLE_1
    comment: "Test oauth 1"
    oauth_client: TABLEAU_DESKTOP
    enabled: false
    oauth_issue_refresh_tokens: false
    oauth_refresh_token_validity: 3600
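
The rules stated in the parameter list (required oauth_client, data types, possible values, the implicitly blocked roles, and the refresh-token dependency) can be checked before a configuration reaches the engine. The Python lint below is an added example, not part of the engine or its documentation; the function name lint_oauth_integrations and the sample integration names are hypothetical, and it assumes the YAML has already been parsed into a dict and that "Number" means an integer or float.

```python
# Added example, not engine code: lint a parsed oauth_integrations mapping.
IMPLICIT_BLOCKED = {"ACCOUNTADMIN", "ORGADMIN", "SECURITYADMIN"}
ALLOWED = {"namespacing": {"none", "prefix", "suffix", "both"},
           "manage_mode": {"none", "grants", "all"}}
TYPES = {"oauth_client": str, "comment": str, "enabled": bool,
         "blocked_roles_list": (list, set, tuple),
         "oauth_issue_refresh_tokens": bool,
         "oauth_refresh_token_validity": (int, float),  # assumption for "Number"
         "oauth_use_secondary_roles": str, "namespacing": str,
         "environment": str, "manage_mode": str, "grants": dict}

def lint_oauth_integrations(config):
    """Return (integration_name, message) findings; an empty list means clean."""
    findings = []
    for name, spec in (config.get("oauth_integrations") or {}).items():
        spec = spec or {}
        if "oauth_client" not in spec:
            findings.append((name, "oauth_client is required"))
        for key, value in spec.items():
            expected = TYPES.get(key)
            if expected is None:
                continue  # keys not listed on this page are not judged
            # bool is a subclass of int, so reject it explicitly for Number
            bad_bool = expected is not bool and isinstance(value, bool)
            if bad_bool or not isinstance(value, expected):
                findings.append((name, f"{key}: wrong data type"))
            elif key in ALLOWED and value not in ALLOWED[key]:
                findings.append((name, f"{key}: unsupported value {value!r}"))
        roles = spec.get("blocked_roles_list")
        if isinstance(roles, (list, set, tuple)):
            for role in sorted(r for r in roles if str(r).upper() in IMPLICIT_BLOCKED):
                findings.append((name, f"blocked_roles_list: drop implicit {role}"))
        if ("oauth_refresh_token_validity" in spec
                and spec.get("oauth_issue_refresh_tokens") is not True):
            findings.append((name, "oauth_refresh_token_validity needs "
                                   "oauth_issue_refresh_tokens: true"))
    return findings

# Constructed sample, shaped as a YAML loader would return it (names made up).
SAMPLE = {"oauth_integrations": {
    "OAUTH_GOOD": {"oauth_client": "TABLEAU_DESKTOP", "enabled": True,
                   "oauth_issue_refresh_tokens": True,
                   "oauth_refresh_token_validity": 3600,
                   "grants": {"USAGE": ["ROLE_1"]}},
    "OAUTH_BAD": {"blocked_roles_list": ["ROLE_2", "securityadmin"],
                  "manage_mode": "everything",
                  "oauth_refresh_token_validity": 7200}}}
if __name__ == "__main__":
    print(*lint_oauth_integrations(SAMPLE), sep="\n")
```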