Snowflake OAuth Integration

If you wish to use Snowflake's built-in OAuth capabilities to provide OAuth-based authentication for your users when they query Snowflake from Row Zero, follow the steps below. The corresponding Snowflake documentation is here and here. You will need administrator priviledges in order to configure these settings in your Snowflake account.

CREATE SECURITY INTEGRATION "Row Zero"
    TYPE = OAUTH
    ENABLED = TRUE
    OAUTH_CLIENT = CUSTOM
    OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'
    OAUTH_REDIRECT_URI = 'https://oauth.rowzero.io/oauth/authorization-code/1'
    OAUTH_ENFORCE_PKCE = TRUE
;

Note: It is important to use the name "Row Zero" because Snowflake uses the security integration name as a display name that it shows to users when they are signing in to Snowflake, like this: Sample Snowflake OAuth Display Name

After the create statement succeeds, you will need to run two Snowflake queries to obtain information about your security integration:

DESCRIBE SECURITY INTEGRATION "Row Zero";

SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('Row Zero');

Once you have the above information, contact us at Row Zero so that we can configure the OAuth integration on our end.

This is the information that we will need from you:

  1. Your Snowflake account identifier (see here). It'll look like ORGNAME-ACCOUNTNAME.
  2. The following three values from the DESCRIBE SECURITY INTEGRATION result:
    • OAUTH_CLIENT_ID
    • OAUTH_AUTHORIZATION_ENDPOINT
    • OAUTH_TOKEN_ENDPOINT
  3. The client secrets from the SHOW_OAUTH_CLIENT_SECRETS result. Do not share this via email or other unsecured means. We will give you a secure way to provide your secret.