OAuth2_0-SampleApp.ini

# before operating these settings you should likely read
# the Snowflake's OAuth docs here:
# for Snowflake OAuth (where Snowflake acts as the authorization service):
# https://docs.snowflake.net/manuals/user-guide/oauth-custom.html
# for External OAuth (where a 3rd party acts as the authorization service):
# https://docs.snowflake.com/en/user-guide/oauth-ext-custom.html

[APP]
# what port will the ap listen on
port = 8088

[OAUTH]
# this section is for the Snowflake OAuth settings.
# this will be for the Snowflake OAuth setting and
# the section below will be for External OAuth

# these are the most sensitive values there are here.
# in a prodction setting, strongly consider managing
# them with a seecrets management platform. Read about
# getting these secrets with the Snowflake function here:
# https://docs.snowflake.net/manuals/sql-reference/functions/system_show_oauth_client_secrets.html
client_id = YOURSNOWFLAKEOAUTHCLIENTID
client_secret = YOURSNOWFLAKEOAUTHCLIENTSECRET

# this will be set to the same value used when configuring
# the interation in Snowflake, and the URL that will be
# used to reach the app while it's running.
redirect_uri = http://127.0.0.1:${APP:port}/

# you should only need to set the 'snwoflake_uri' here.
# the others should be correct as is.
snowflake_uri = https://<name>.<region>.<vps>.snowflakecomputing.com
authorization_endpoint = ${snowflake_uri}/oauth/authorize
token_endpoint = ${snowflake_uri}/oauth/token-request

# if your intergation was configured to do PKCE
# enforcement, then set this to TRUE or leave it
# blank.
do_pkce = TRUE

[EXTOAUTH]
# this is the scope you will use for the session, which 
# will map to the role(s) which will be available. this
# could be something like a URL or a string depending on 
# the 3rd party involved
extoauth_scope = YOUREXTERNALOAUTHSCOPE

# these are the most sensitive values there are here.
# in a prodction setting, strongly consider managing
# them with a seecrets management platform. 
extoauth_oauth_client_id = YOUREXTERNALOAUTHCLIENTID
extoauth_oauth_client_secret = YOUREXTERNALOAUTHCLIENTSECRET

# these will be the URLs of the third party's endpoints
# and issuers
extoauth_token_endpoint = https://your.idp.token.endpoint/path/token_endpoint
extoauth_jws_key_endpoint = https://your.idp.jws_key.endpoint/path/keys
extoauth_issuer = https://your.idp.issuer/ # there are some situations where this may be a string not a url

[JAVA]
# to run the JDBC case there needs to be both a
# classpath pointing to where the compiled OAuthJDBCTest
# is and another to the Snowflake JDBC jar file
compiled_classpath = /full/path/to/javac/compiled/class/directory # do not put class file name here
snowflake_jdbc_classpath = /full/path/to/JDBC/jar/file/snowflake-jdbc-3.12.9.jar # update jar's name with your version

[SNOWFLAKE]
# this section is for the Snowflake connection
# settings for the python connector.

# you want the user NAME here, not LOGIN_NAME.
### NOT CURRENTLY USED #### user = WADEWILSON

# the 'account' is used for the formation of a connection string
# and should be the full <name>.<region>.<vps> form. the
# 'accountname' is used for JDBC account matching and should
# only be the <name> portion of the URI
account = <name>.<region>.<vps> 
accounturl = <name>.<region>.<vps>.snowflakecomputing.com
### NOT CURRENTLY USED #### accountname = va_demo06

# this should not be changed.
authenticator = OAUTH

# this is the role which will be used to request External
# OAuth tokens and should br a role granted to the user
# you use to authenticate
role = YOURSNOWFLAKEROLE

# this query should return NO MORE THAN 2 columns in
# its results. for readability in the UI, it's suggested
# to return no more than 5-10 rows
query = select PRIME, SEQUENTIALRANK from MATH.PUBLIC.PRIMES limit 5 # this SQL will not work out of the box