Table of Contents

Search

  1. Preface
  2. Connectors and connections
  3. Connection configuration
  4. Connection properties
  5. Swagger file generation for REST V2 connections

Data Integration Connections

Data Integration Connections

OAuth 2.0 authorization code authentication

OAuth 2.0 authorization code authentication

To use authorization code, you must first register the Informatica redirect URL in Security Integration. Security Integration is a type of integration that enables clients that support OAuth to redirect users to an authorization page and generate access tokens, and optionally, refresh tokens to access Snowflake.
Register the Informatica redirect URL in Security Integration:
https://
<Informatica cloud hosting facility for your organization>
/ma/proxy/oauthcallback
If the access token expires, Informatica redirect URL, which is outside the customer firewall, tries to connect to the endpoint and retrieve a new access token.
For more information about how to get the authorization details, see the Snowflake documentation.
The following table describes the Snowflake Cloud Data Warehouse connection properties for an OAuth 2.0 - AuthorizationCode type connection:
Connection property
Description
Runtime Environment
The name of the runtime environment where you want to run the tasks.
Specify a Secure Agent, Hosted Agent, or serverless runtime environment.
When you use a serverless runtime environment, you cannot use a proxy server to connect to Informatica Intelligent Cloud Services.
Authentication
The authentication method that Snowflake Cloud Data Warehouse V2 Connector must use to log in to Snowflake.
Select
AuthorizationCode
.
Not applicable for elastic mappings.
Account
The name of the Snowflake account.
In the Snowflake URL, your account name is the first segment in the domain.
For example,
123abc
is your account name in
https://123abc.snowflakecomputing.com
.
Ensure that the account name does not contain underscores. To use an alias name, contact Snowflake Customer Support.
Warehouse
The Snowflake warehouse name.
Additional JDBC URL Parameters
Optional. The additional JDBC connection parameters.
Enter one or more JDBC connection parameters in the following format:
<param1>=<value>&<param2>=<value>&<param3>=<value>....
For example:
user=jon&warehouse=mywh&db=mydb&schema=public
Ensure that there is no space before and after
=
when you add the parameters.
Refer to the following examples of additional JDBC connection parameters that you can configure:
  • To override the database and schema name used to create temporary tables in Snowflake, enter the database and schema name in the following format:
    ProcessConnDB=<DB name>&ProcessConnSchema=<schema_name>
  • To view only the specified database and schema while importing a Snowflake table, specify the database and schema name in the following format:
    db=<database_name>&schema=<schema_name>
  • To access Snowflake through Okta SSO authentication, enter the web-based IdP implementing SAML 2.0 protocol in the following format:
    authenticator=https://<Your_Okta_Account_Name>.okta.com
    Microsoft ADFS is not applicable.
  • To load data from Google Cloud Storage to Snowflake for pushdown optimization, enter the Cloud Storage Integration name created for the Google Cloud Storage bucket in Snowflake in the following format:
    storage_integration=<Storage Integration name>
    For example, if the storage integration name you created in Snowflake for the Google Cloud Storage bucket is
    gcs_int_qa
    , you must specify the integration name in uppercase:
    storage_integration=GCS_INT_QA
Authorization URL
The Snowflake server endpoint that is used to authorize the user request.
The authorization URL is https://<account_name>.snowflakecomputing.com/oauth/authorize, where <account_name> specifies the full name of your account provided by Snowflake.
For example, https://informatica.snowflakecomputing.com/oauth/authorize
You can also use the Authorization Code grant type that supports the authorization server in a Virtual Private Cloud network.
If the account name contains underscores, you must use the alias name.
Access Token URL
The Snowflake access token endpoint that is used to exchange the authorization code for an access token.
The access token URL is https://<account_name>.snowflakecomputing.com/oauth/token-request, where <account_name> specifies the full name of your account provided by Snowflake.
For example, https://informatica.snowflakecomputing.com/oauth/token-request
If the account name contains underscores, you must use the alias name.
Client ID
Client ID of your application that Snowflake provides during the registration process.
Client Secret
Client secret of your application.
Scope
Specifies access control if the API endpoint has defined custom scopes.
Enter space separated scope attributes.
For example, specify
session:role:CQA_GCP
as the scope to override the value of the default user role. The value must be one of the roles assigned in Security Integration.
Access Token Parameters
Additional parameters to use with the access token URL. Define the parameters in the JSON format.
For example, define the following parameters:
[{"Name":"code_verifier","Value":"5PMddu6Zcg6Tc4sbg"}]
Authorization Code Parameters
Additional parameters to use with the authorization token URL. Define the parameters in the JSON format.
For example, define the following parameters:
[{"Name":"code_challenge","Value":"Ikr-vv52th0UeVRi4"}, {"Name":"code_challenge_method","Value":"S256"}]
Access Token
Populates the access token value.
Enter the access token value or click
Generate Access Token
to populate the access token value.
Generate Access Token
Generates the access token and refresh token based on the OAuth attributes you specified.
Refresh Token
Populates the refresh token value.
Enter the refresh token value or click
Generate Access Token
to populate the refresh token value. If the access token is not valid or expires, the Secure Agent fetches a new access token with the help of refresh token.
If the refresh token expires, you must either provide a valid refresh token or regenerate a new refresh token by clicking
Generate Access Token
.