The authorization code grant is a commonly used authentication flow for web and native applications. It provides secure connections by requiring multiple points of authentication before permitting access to data. When using the authorization code flow, the application is first redirected to the location hosting the temporary authorization code and retrieves it. Next, after being redirected to the location specified by the RedirectURI property, the application exchanges the authorization code, client ID, and client secret for the access token.

To use an authorization code grant:

  • Set the AuthenticationMethod property to OAuth2.
  • Set the AccountName property to specify the full name of your account and the region where it is hosted. For example, account_name.us-east-1.
  • Set the DatabaseName property to specify the name of the database to which you are connecting.
  • Set the Schema property to specify the default schema to use for the specified database once connected. The specified schema should be an existing schema for which the specified default role has privileges.
  • Set the Warehouse property to specify the virtual warehouse to use once connected. The specified warehouse should be an existing warehouse for which the specified default role has privileges.
  • Set the AuthURI property to the endpoint used to obtain the authorization code from the authorization service.
  • Set the ClientID property to specify the client ID key for your application.
  • Set the ClientSecret property to specify the client secret for your application.
    Important: The client secret is a confidential value used to authenticate the application to the server. To prevent unauthorized access, this value must be securely maintained.
  • Set the RedirectURI to specify the endpoint that the client is returned to after authenticating with the service. This value must match the redirect URI specified in the Snowflake OAuth security integration.

The following example demonstrates using an authorization code grant:

Connection URL: 

Connection conn = DriverManager.getConnection
("jdbc:datadirect:snowflake:AuthenticationMethod=OAuth2;
  AccountName=account_name.us-east-1;
  DatabaseName=payroll;Schema=xyz;Warehouse=accounting;
  AuthURI=https://account_name.us-east-1.snowflakecomputing.com/oauth/authorize;
  ClientId=cd34efg5678h9ij87klm6543no32pqr10st987;
  ClientSecret=098zyx765wvu432tsr123qpo456;
  RedirectUri=https://lvn.me/app_callback.html;");

Data Source:

SnowflakeDataSource mds = new SnowflakeDataSource();
mds.setDescription("My Snowflake Data Source");
mds.setAuthenticationMethod("OAuth2");
mds.setAccountName("account_name.us-east-1");
mds.setDatabaseName("payroll");
mds.setSchema("xyz");
mds.setWarehouse("accounting");
mds.setAuthURI("https://account_name.us-east-1.snowflakecomputing.com/oauth/authorize");
mds.setClientID("cd34efg5678h9ij87klm6543no32pqr10st987");
mds.setClientSecret("098zyx765wvu432tsr123qpo456");
mds.setRedirectURI("https://lvh.me/app_callback.html");