I did look into "Request an access token with a client_secret" and "Connecting with OAuth" and cannot find details on how this can be done programmatically to pass the token into:

import snowflake.connector

ctx = snowflake.connector.connect(
    user="<username>",
    host="<hostname>",
    account="<account_identifier>",
    authenticator="OAUTH_CLIENT_CREDENTIALS",
    # this part is just a parameter, but where is a helper function and who takes care of this part in the flow?
    token="<oauth_access_token>",
    warehouse="test_warehouse",
    database="test_db",
    schema="test_schema"
)

Enable the OAuth 2.0 Client Credentials flow: Set the authenticator connection parameter to OAUTH_CLIENT_CREDENTIALS.

I do see in the Microsoft documentation: GET http://localhost?code=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq...&state=12345

And I do have a browser GET for how to generate the authorization code:

// Line breaks for legibility only

https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
client_id=00001111-aaaa-2222-bbbb-3333cccc4444
&response_type=code
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&response_mode=query
&scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
&state=12345

So all of this I can go through in Postman and execute, but how does this work in Snowflake? An example would be good to have. Where does the Snowflake part, the connection parameters, come in: is it done with requests, just capturing the token to pass it to the Snowflake connection, or is it something I do not see in their documentation? Below is what I struggle to understand how to use, and more directly in SageMaker JupyterLab to initiate the connection:

The OAuth 2.0 Client Credentials flow provides a secure way for machine-to-machine (M2M) authentication, such as the Snowflake Connector for Python connecting to a backend service. Unlike the OAuth 2.0 Authorization Code flow, this method does not rely on any user-specific data.

To enable the OAuth 2.0 Client Credentials flow:

Set the authenticator connection parameter to OAUTH_CLIENT_CREDENTIALS.

Set the following OAuth connection parameters:

oauth_client_id: Value of client id provided by the Identity Provider for Snowflake integration (Snowflake security integration metadata).

oauth_client_secret: Value of the client secret provided by the Identity Provider for Snowflake integration (Snowflake security integration metadata).

oauth_token_request_url: Identity Provider endpoint supplying the access tokens to the driver. When using Snowflake as an Identity Provider, this value is derived from the server or account parameters.

oauth_scope: Scope requested in the Identity Provider authorization request. By default, it is derived from the role. When multiple scopes are required, the value should be a space-separated list of multiple scopes.

1 Answer

It seems that you are trying to get the token using the Client Credentials flow but are making the request using the Authorization Code flow.

In the Client Credentials flow you shall not be required to initiate a connection to the authorization endpoint to get the authorization code. Instead, the call is made to the token URL with the client ID and client secret, and the request is for the access token.

If the client ID and client secret are correct, then in response you will get the access token, which can be used to initiate the connection.

Note: Client authentication is supported by External OAuth providers such as Azure, Okta, etc.
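The flow this answer describes, as an added example that is not part of the original answer or of Snowflake's documentation: a direct POST to the token endpoint, then the returned token handed to the connector. The tenant placeholder, the scope value, and the environment variable names `OAUTH_CLIENT_ID` and `OAUTH_CLIENT_SECRET` are assumptions. With a token fetched this way the authenticator is `oauth`; with `OAUTH_CLIENT_CREDENTIALS` the connector makes the token request itself from the `oauth_*` parameters quoted in the question.

```python
import json
import os
import urllib.parse
import urllib.request

# Assumed placeholder: the tenant's v2.0 token endpoint, not the /authorize endpoint.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"


def build_token_request(client_id, client_secret, scope, token_url=TOKEN_URL):
    """Build the client-credentials POST. No browser and no authorization code."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
    }).encode()
    # Passing data= makes urllib send a POST, so the secret never appears in the URL.
    return urllib.request.Request(
        token_url, data=body,
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def parse_token_response(raw):
    """Return the access token, rejecting error and non-bearer responses."""
    doc = json.loads(raw)
    if "error" in doc:
        raise ValueError(f"token endpoint error: {doc['error']}")
    if str(doc.get("token_type", "")).lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("response carries no bearer access token")
    return doc["access_token"]


def snowflake_kwargs(account, token, **extra):
    """Arguments for snowflake.connector.connect() when the token is pre-fetched."""
    return {"account": account, "authenticator": "oauth", "token": token, **extra}


def connect(account, scope):
    """Fetch a token and open the connection (needs network and the connector)."""
    import snowflake.connector  # imported lazily so the helpers above work without it
    # Secrets come from the environment (assumed variable names), not the notebook.
    req = build_token_request(os.environ["OAUTH_CLIENT_ID"],
                              os.environ["OAUTH_CLIENT_SECRET"], scope)
    with urllib.request.urlopen(req, timeout=30) as resp:
        token = parse_token_response(resp.read())
    return snowflake.connector.connect(**snowflake_kwargs(account, token))
```

Access tokens expire, so a long-running notebook session should call `connect()` again rather than cache the token indefinitely.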
