Unable to use OAuth token to connect to Snowflake from Databricks "EXTERNAL_OAUTH_USER_CLAIM_MISSING"

0
votes

I am trying to use an OAuth token to connect to Snowflake from Databricks.

I have configured using the official documentation (https://docs.snowflake.com/en/user-guide/oauth-azure.html#step-3-collect-azure-ad-information-for-snowflake).

When request the token I also retrieve what appears to be a valid token. The json in the format {'token_type': 'Bearer', 'expires_in': 3599, 'ext_expires_in': 3599, 'access_token': 'token here}'

However, when I try to use this token it comes as invalid - checking in Snowflake the result is the following: enter image description here

Using https://jwt.ms/ to look at the claims in my token I find the following: aud, iss, iat, nbf, exp, aio, appid, appidacr, idp, oid, rh, roles, sub, tid, uti, ver.

Which claims are missing?

1
oauth-2.0azure-active-directoryjwtsnowflake-cloud-data-platformazure-databricks

1 Answers

1
votes

Most likely the issue issue is that the claim parameter set for OAuth integration object on Snowflake is not passing the right value. Review the following article which details the steps:

https://community.snowflake.com/s/article/Create-Security-Integration-User-To-Use-With-OAuth-Client-Token-With-Azure-AD