# Snowflake ## Setup Snowflake Custom OAuth Details about [custom OAuth for Snowflake](https://docs.snowflake.com/en/user-guide/oauth-custom.html) are described here. ### 1. Create a security integration First, create a new Worksheet to be able to execute queries. Next, run the below query: ```sql create security integration oauth_locoia type = oauth enabled = true oauth_client = custom oauth_client_type = 'CONFIDENTIAL' oauth_redirect_uri = 'https://api.locoia.com/v1/oauth2/callback/snowflake' oauth_issue_refresh_tokens = true oauth_refresh_token_validity = 86400 ; ``` Further configuration options can be specified for the security integration if needed. {% hint style="warning" %} Only Snowflake account administrators (`ACCOUNTADMIN` role) or a role with the global `CREATE INTEGRATION` privilege can execute this SQL command. {% endhint %} ### 2. Get the security integration's details Run the below command to get all Oauth2 details: ```sql desc security integration oauth_locoia; ``` `oauth_locoia` is the integration name. The result looks like: ![](https://291121471-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-McrRFZHYH27bqKzOVDd%2Fuploads%2FBaSDui67G9I7loFTq5ls%2Fimage.png?alt=media\&token=d3475468-839c-4420-a282-79d7d9bb3277) ### 3. Generate the client\_secret Run the below command: ```sql select SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('OAUTH_LOCOIA'); ``` {% hint style="warning" %} The integration name needs to be in **upper case** letters. {% endhint %} The client\_secret is be returned. ## Authenticating Snowflake 1. In Locoia, go to Settings > Connector Auth and click create. Alternatively create an authentication directly in the [Flow Builder](https://docs.locoia.com/automation/flow-builder) 2. Enter your details as explained in the images below: ![Names and locator as seen in Snowflake (minimum role to see accounts: ACCOUNTADMIN)](https://291121471-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-McrRFZHYH27bqKzOVDd%2Fuploads%2F8Xid9H8KPdrskXmtlCoB%2FSnowflake%20IDs.png?alt=media\&token=ee06c465-49d3-4fc3-b1a9-0dbe6fa6f7c9) ![Entering the corresponding values in the Connector Auth](https://291121471-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-McrRFZHYH27bqKzOVDd%2Fuploads%2FIXrutTTbw3MyNwELF88i%2FSnowflake%20Connector%20Auth%20copy.png?alt=media\&token=47068d6c-c4ca-4633-bf64-6c9add05712b) 3\. Sign in with your Snowflake credentials. Note that this user can't have the roles `ACCOUNTADMIN`or `SECURITYADMIN`. ![Login with your Snowflake user](https://291121471-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-McrRFZHYH27bqKzOVDd%2Fuploads%2FYNET5nR0VtbleuCzYPil%2Fimage.png?alt=media\&token=b970b5ef-d159-4304-a055-cec37cf2e754) 4\. In the final step, you need to click **Allow** in order to grant access to the mentioned Snowflake entities: ![](https://291121471-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-McrRFZHYH27bqKzOVDd%2Fuploads%2FWSY932vgjXIOw7KFY6xD%2Fimage.png?alt=media\&token=1aa246b8-671e-445d-9335-60c208f53cc1) ## API requests to Snowflake The [Snowflake API](https://docs.snowflake.com/en/developer-guide/sql-api/reference.html#post-api-statements) and its requests is described here.