An OAuth integration allows Shadowfax to connect to your Snowflake data warehouse as a service role. The integration is valid for up to 90 days and needs to be renewed periodically by a sysadmin.
Please start by following the Snowflake Role Creation Guide to create the SHADOWFAX role in your account.
We need to create an OAuth security integration:
CREATE OR REPLACE SECURITY INTEGRATION SHADOWFAX_CLIENT
TYPE = OAUTH
ENABLED = TRUE
OAUTH_CLIENT = CUSTOM
OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'
OAUTH_REDIRECT_URI = 'https://workspaces.shadowfaxdata.com/snowflake/setup'
PRE_AUTHORIZED_ROLES_LIST = ('SHADOWFAX')
OAUTH_ISSUE_REFRESH_TOKENS = TRUE
OAUTH_REFRESH_TOKEN_VALIDITY = 7776000;After executing the create SQL, we can retrieve the generated client ID and secret:
SELECT parse_json(SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('SHADOWFAX_CLIENT'));Copy and record down the OAUTH_CLIENT_ID and OAUTH_CLIENT_SECRET values.
Execute this to find the account identifier:
SELECT CURRENT_ORGANIZATION_NAME() || '-' || CURRENT_ACCOUNT_NAME();Copy and record this as the account identifier
Navigate to Data Connections and click New and fill out the form with the information from previous steps.
Upon creation, the UI will redirect to the Snowflake Sign In page for authorization.