Snowflake OAuth For User Connections
Applies to: Alation Cloud Service instances of Alation
Applies to: customer-managed instances of Alation
Available from release 2020.3
Alation supports the OAuth 2.0 protocol for user connections from Compose and the catalog to Snowflake data sources.
A user connection is established by an individual user who wants to access a data source from Alation, as opposed to the connection established via the service account to extract metadata, query history, or data samples.
Users need an individual connection to perform these actions:
Compose:
  - Execute queries
  - Execute queries on a schedule
  - Run query forms
  - Create Excel Live Reports
Catalog:
  - Upload data into the data source
  - Perform dynamic sampling of a table or column
  - Run a query form
With OAuth enabled and configured for individual connections, users connecting to Snowflake will be redirected to a login screen of the authorization server (OAuth provider) in a new browser tab. Upon authentication, the login screen will close, and Alation will establish a connection to the data source.
Note
The OAuth 2.0 protocol provides a secure authorization mechanism for applications and users to access a resource. Authorization is managed with access tokens issued by an authorization server. The token holder is allowed to access the resource until the token expires. When an access token has expired, the application can use a refresh token to retrieve a new access token.
Snowflake offers two methods to configure OAuth-based authentication:
Snowflake OAuth—Uses the Snowflake built-in authorization server.
External OAuth—Uses an integration with an external authorization server (OAuth provider).
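To make the difference between the two methods concrete, here is an added example (not taken from the Alation documentation) of the Snowflake-side security integration each method relies on. The integration names, redirect URI, issuer, JWKS URL and audience are placeholders, and the refresh-token validity, blocked role and claim mapping are assumptions, not values Alation prescribes.

```sql
-- Added example: all names, URLs and values are placeholders or assumptions.

-- Method 1: Snowflake OAuth.
-- Snowflake's built-in authorization server issues the tokens; the client
-- application is registered with Snowflake as a custom OAuth client.
CREATE SECURITY INTEGRATION example_snowflake_oauth        -- hypothetical name
  TYPE = OAUTH
  ENABLED = TRUE
  OAUTH_CLIENT = CUSTOM
  OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'             -- client can keep a secret
  OAUTH_REDIRECT_URI = 'https://<client-host>/<callback-path>'  -- placeholder
  OAUTH_ISSUE_REFRESH_TOKENS = TRUE              -- renew without a new login
  OAUTH_REFRESH_TOKEN_VALIDITY = 86400           -- seconds (1 day), assumed
  BLOCKED_ROLES_LIST = ('SYSADMIN');             -- role users cannot consent to (assumed)

-- Method 2: External OAuth.
-- An external authorization server issues the tokens; Snowflake only
-- validates their signature, issuer and audience, then maps a token claim
-- to a Snowflake user.
CREATE SECURITY INTEGRATION example_external_oauth         -- hypothetical name
  TYPE = EXTERNAL_OAUTH
  ENABLED = TRUE
  EXTERNAL_OAUTH_TYPE = CUSTOM
  EXTERNAL_OAUTH_ISSUER = '<issuer-url>'                   -- placeholder
  EXTERNAL_OAUTH_JWS_KEYS_URL = '<jwks-url>'               -- placeholder
  EXTERNAL_OAUTH_AUDIENCE_LIST = ('<audience>')            -- placeholder
  EXTERNAL_OAUTH_TOKEN_USER_MAPPING_CLAIM = 'sub'          -- assumed claim
  EXTERNAL_OAUTH_SNOWFLAKE_USER_MAPPING_ATTRIBUTE = 'LOGIN_NAME'
  EXTERNAL_OAUTH_ANY_ROLE_MODE = 'DISABLE';      -- token must name an explicit role scope

-- Review what was actually stored before handing client details to anyone.
DESCRIBE SECURITY INTEGRATION example_snowflake_oauth;
DESCRIBE SECURITY INTEGRATION example_external_oauth;
```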
Alation supports both of these configurations for Snowflake data sources. See next: