OAuth2 for Snowflake

Configure the Trifacta application to integrate with your Snowflake deployment using OAuth2 to authenticate.

Written by Thea
Updated over 3 years ago

OAuth 2.0 is an industry-standard protocol for authorization between systems.

Through the Trifacta application, workspace administrators can configure OAuth2 clients to enable connectivity to third-party datastores that support OAuth 2.0 or greater authentication. In the OAuth2 Clients page, click Create OAuth2 Client.

Enable OAuth2 Authentication

Workspace administrators can enable the use of OAuth2 authentication for creating connections to third-party datastores that support OAuth 2.0 or greater authentication.

In the Trifacta platform, OAuth2 is implemented as a security protocol for access to data sources and publishing destinations. Trifacta administrators can enable users of the product to connect to specified third-party systems through an OAuth2 client app that you create in the target system, using an OAuth2 client reference that is created in the Trifacta application.

When enabled and configured, the Trifacta application uses the OAuth2 client to create a secure token, which is used to authenticate to the third-party system.

Step 1. Create OAuth2 App

For each target system, you must create an OAuth2 app in the system, which provides an external interface for Trifacta SaaS.

The first step is to register the Trifacta application on the Service Provider. The setup usually takes place on the end system itself (i.e., on Salesforce/Snowflake). Specific instructions vary by provider, but you will need to set the following information:

  • Client Name - Name of the application (e.g., "Trifacta")

  • Callback URI - URI that the system sends info to once authorization passes (e.g., https://example.trifacta.com/callback)

  • Scopes and/or Roles - Scopes limit an application's access to a user's account. An application can request one or more scopes. This information is then presented to the user in the consent screen, and the access token issued to the application is limited to the scopes granted.

You will need to obtain the following information:

  • Client ID - generated by the system to identify and authenticate app access (e.g., "abcsecretkey")

  • Client Secret - generated by the system to identify and authenticate app access (e.g., "xyzsecretpass")

  • Authorization URL - the URL that Trifacta will use to authorize the request (e.g., https://login.salesforce.com/services/oauth2/authorize)

  • Token URL - the URL that Trifacta will use to generate a token (e.g., https://login.salesforce.com/services/oauth2/token)

  • Scope - This is typically "refresh_token" plus any additional requirements depending on the connection (e.g., "refresh_token api")

  • Access Token Expires In - to track how long an access token is valid, in milliseconds (e.g., 3600000)

  • Refresh Token Expires In - to track how long a refresh token is valid, in milliseconds (e.g., 900000000)

Step 2. Create OAuth2 Client

Through the Trifacta application, you must create an OAuth2 client that connects to the OAuth2 app that you have created.

OAuth2 Client Creation Form

  • Go to the Admin Console.

  • In the Admin console, select OAuth2 Clients.

  • Specify the following properties for your OAuth2 client:

Type

Select the type of client from the drop-down list.

Name

Display name of your OAuth2 client.

Client ID

The client identifier for the OAuth2 app that you created.

Client Secret

The client secret for the OAuth2 app that you created.

Authorization URL

The URL that is used to authorize against the client app.

Token URL

The token URL for the client app that you created.

Scopes

Scopes are space-delimited strings that can be used to pass parameters to the client app that you created.

NOTE: The specific scopes that you can pass depend on the system with which you are integrating.

Access Token Expires In

Number of milliseconds that an access token is permitted to be used to connect to the target OAuth2 app. This value must be set to an integer greater than 0.

For more information, please see the documentation for your target system.

Refresh Token Expires In

Number of milliseconds of inactivity that are permitted before an access token is expired.

Tip: To create non-expiring tokens, set this value to 0.

For more information, please see the documentation for your target system.

Step 3. Create a new connection using OAuth

OAuth2 for Snowflake

In your Snowflake console, you must create the client app, which includes execution of several SQL statements.
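
As an added illustration (not taken from the Trifacta or Snowflake documentation for this integration), the Snowflake side of Step 1 can look like the following. The integration name TRIFACTA_OAUTH and the role ANALYST are hypothetical, and the redirect URI is the sample callback shown in Step 1.

```sql
-- Added example: register Trifacta as a custom OAuth client in Snowflake.
-- TRIFACTA_OAUTH and ANALYST are hypothetical names; the redirect URI is
-- the sample Callback URI from Step 1.
USE ROLE ACCOUNTADMIN;  -- or any role that holds CREATE INTEGRATION

CREATE SECURITY INTEGRATION TRIFACTA_OAUTH
  TYPE = OAUTH
  ENABLED = TRUE
  OAUTH_CLIENT = CUSTOM
  -- Confidential client: the secret is stored server-side by the application.
  OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'
  -- Must match the Callback URI registered for the application exactly.
  OAUTH_REDIRECT_URI = 'https://example.trifacta.com/callback'
  OAUTH_ISSUE_REFRESH_TOKENS = TRUE
  -- Snowflake takes seconds; the Trifacta form takes milliseconds
  -- (900000 s here corresponds to the 900000000 ms sample value).
  OAUTH_REFRESH_TOKEN_VALIDITY = 900000
  -- Additional roles that cannot be used through this client.
  BLOCKED_ROLES_LIST = ('SYSADMIN');

-- Values for the Trifacta form: OAUTH_CLIENT_ID (Client ID),
-- OAUTH_AUTHORIZATION_ENDPOINT (Authorization URL) and
-- OAUTH_TOKEN_ENDPOINT (Token URL) appear in this output.
DESCRIBE SECURITY INTEGRATION TRIFACTA_OAUTH;

-- Client Secret, returned as JSON. The integration name is passed as an
-- upper-case string. Handle the output as a credential.
SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('TRIFACTA_OAUTH');

-- Scopes value for the Trifacta form that limits the session to one role:
--   refresh_token session:role:ANALYST
```

Limiting the scope to a single low-privilege role keeps the issued token from being used with broader roles the consenting user may hold.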

Create a new connection from the Connections Page. New options are available in the creation dialog.

  1. For Credential Type, select OAuth2.

  2. Choose the corresponding OAuth client from the list of available clients. Some connections require multiple clients for multiple accounts.

  3. Click "Authenticate". The user is taken to the service provider website to log in. After logging in, the user must provide consent for Trifacta to access the defined scope.

  4. Once authorization is granted, the user is redirected back to Trifacta, where the connection can be saved.

For more information, see Create OAuth2 Client.

More Info

Learn more by reading these documentation guides-
