We are proud to share our inclusion in the 2024 Gartner Magic Quadrant for Data Integration Tools. We believe this recognition reflects the differentiated business outcomes CData delivers to our customers.
Get the Report →
Snowflake Drivers: How to Setup and Use OAuth Authentication
This article introduces how to use OAuth authentication when connecting to Snowflake with CData Snowflake Drivers.
Snowflake has announced that it will block single-factor authentication sign-ins using passwords by November 2025. For new Snowflake accounts created after October 2024, multi-factor authentication (MFA) will be mandatory when signing in with a password. Additionally, from November 2025, password authentication will be blocked for all users.
When password authentication is blocked, connections using password authentication specified as the authentication method (setting the "Auth Scheme" property to "Password") in CData Snowflake Drivers will no longer be possible. Therefore, users currently using password authentication need to switch to the OAuth authentication method introduced in this article (or key-pair authentication; learn more).
CData Snowflake Drivers support various authentication methods with Snowflake. OAuth authentication is an authentication method wherein users authenticate directly with a service instead of passing credentials or key-pairs. To connect using key pair authentication from the driver, you need to have the private key of the key pair available, and the public key must be assigned to the login user. This article explains how to configure OAuth in Snowflake and use OAuth from CData Drivers for Snowflake.
Configuring OAuth in Snowflake
To configure OAuth in Snowflake, create a "Security integration" object, which facilitates the integration between Snowflake and your CData solution and obtain the OAuth client ID and client secret.
Create the Security integration
Use the CREATE SECURITY INTEGRATION command in Snowflake as a user with the ACCOUNTADMIN role (or with the global CREATE INTEGRATION privilege).
CREATE SECURITY INTEGRATION TEST_OAUTH
TYPE = OAUTH
ENABLED = TRUE
OAUTH_CLIENT = CUSTOM
OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'
OAUTH_REDIRECT_URI = 'https://localhost.com'
OAUTH_ISSUE_REFRESH_TOKENS = TRUE;In the example above, the Security integration is named "TEST_OAUTH," refreshing of tokens is allowed, and the redirect URI is set to a localhost, meaning the integrating tool is likely running directly on a user's machine (on-premises or in a private cloud).
Snowflake returns a success message in the query results when the Security integration is completed.
Obtain the client ID and client secret
Use a SELECT query to retrieve the credentials for your Security integration. Execute the query as a user with the ACCOUNTADMIN role (or higher).
SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('TEST_OAUTH');This query returns the client ID and client secret, which you need to configure OAuth authentication with CData solutions.
(Optional) Other Security integration operations
List all integrations
show integrations;
Delete an integration
drop integration if exists <integration_name>
With the client ID, client secret, and redirect URI, along with your other Snowflake instance properties, you are ready to configure OAuth authentication in CData solutions.
How to Connect Using OAuth Authentication in CData Snowflake Drivers
To use OAuth authentication with the driver, set the "AuthScheme" property to "OAUTH" and configure the necessary authentication information. Below are the properties required for OAuth authentication:
| Connection Property | Details or recommended value |
|---|---|
| URL | Your Snowflake account URL |
| Warehouse | The target warehouse |
| User | The username of the authenticating user |
| AuthScheme | OAuth |
| InitiateOAuth | GETANDREFRESH* |
| CallbackUrl | The redirect URL set during the Security integration creation |
| OAuthClientId | The OAuth client ID from the Security integration |
| OAuthClientSecret | The OAuth client secret from the Security integration |
* - There are various options for the InitiateOAuth property. Using "GETANDREFRESH" configures the CData solution to automatically handle the initial authentication and automatically refresh any expired authentications. For more information, refer to the Help documentation.
Sample Connections CData Snowflake Products
Use the connection instructions above to configure the connection appropriately in your CData solution.
CData JDBC Driver for Snowflake
With the JDBC Driver, simply use the connection properties in the JDBC URL.
jdbc:snowflake:AuthScheme=OAuth; InitiateOAuth=GETANDREFRESH; Url=https://xxxxx.us-east-1.snowflakecomputing.com; Warehouse=TEST_WAREHOUSE; CallbackUrl=https://localhost:33333; OAuthClientId="<my_client_id>"; OAuthClientSecret="<my_client_secret>";
CData ODBC Driver for Snowflake
With the ODBC Driver, you will set the connection properties in the DSN configuration wizard.
The CallbackUrl and InitiateOAuth properties are found in the "Advanced" tab.
Regardless of which CData solution you're using, the OAuth flow allows you to authenticate your integrate my signing into Snowflake directly. After you enter your credentials, the driver or connector completes the process (obtaining the token for use with continued integration).
Now you are ready perform OAuth authentication with CData Snowflake Drivers. CData Snowflake Drivers are available for a 30-day free trial, so if you are considering integrating with Snowflake, please give it a try.
Snowflake Drivers also support OAuth authentication. For connecting via OAuth authentication, please refer to our other article (Snowflake Drivers: How to Setup and Use Key-Pair Authentication ).
