Snowflake OAuth Connection Issue

Hi,

We are trying to connect to the Snowflake server from Apigee using a Snowflake OAuth token as the authorization method. Initially, when I tried to generate an OAuth token using the refresh token, I got a 400 Bad Request with the response below.

{
    "data": null,
    "error": "invalid_client",
    "code": null,
    "message": "This is an invalid client.",
    "success": false,
    "headers": null
}
 
We copied the curl command from the Apigee failed-request trace log.
The same curl command, imported into Postman, works fine.
 
Could you please help with this, @dchiesa1  
 
Please find below the Request frame Assign Message policy and the curl command:
 
curl -X POST -H 'Authorization: *****' -H 'Content-Type: application/x-www-form-urlencoded' -d 'grant_type=refresh_token&refresh_token=ver%3A2-hint%3A289403486519342-did%3A2001-ETMsDgAAAYSGNSIZABRBRVMvQ0JDL1BLQ1M1UGFkZGluZwEAABAAEOngcYD4Aya%2By4t40rABNkAAAADwZj1fLCAyWbJhXxcNEgk0rP0IpMBdaNNGkYtaSatgYS0TCz9VZLlOr4G8EyY53emPJUXHdHEe%2Fy%2FUEQ14Nqb1KfJndzTo%2Ble%2BtuOZbAHMzv3CNnYResv5wlyaJitA3OdHu%2Bhxf64RLhHpNsGf2qoKN4mO1Dhvg%2F3s2yiusintortI8zEGZKzg4LH38W0g7qnVHZPOCi%2F7fk1KgdtEfHsk1gahpMjv%2Fs6%2F1PV1dj8Of9IHUzynjDIKYqyQa46qWGnqyJtu1aPllbfa5wG0p%2Ba1zeGf%2FpsMvtI09AZwOJAij%2F3HAXcAa%2FV%2Bs.....' 'https://tjx_sec.east-us-2.azure.snowflakecomputing.com/oauth/token-request'
 
AM-Request_frame.png
Accepted solution:

I can only guess as to the reason. 

One possibility is ... the Snowflake OAuth2 endpoint is refusing to refresh a token when the request-for-refresh-token arrives from an IP address that does not match the IP address of the machine that originally requested the token. This would be a reasonable restriction for Snowflake to make, in order to prevent token "leakage".

I don't know anything about Snowflake, but after I wrote the above (I swear!), I found this, which may be related. It refers to an IP address restriction.

snowflake-alter-scim.png

My suggestion is to ask your Snowflake administrator to tell you what the network policy is, and inquire whether it is possible to modify the policy to allow different IP addresses. If you use Apigee X or hybrid, then there will be a specific set of IP addresses that Apigee will use for outbound calls. Allow THOSE addresses in the Snowflake policy in order to enable that refresh_token call.
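As an added illustration (not part of the original thread) of what the administrator would check and change if the network policy turns out to be the cause, the Snowflake SQL below assumes the OAuth security integration is named APIGEE_OAUTH and that Apigee's egress range is 203.0.113.0/24; both are placeholders to replace with the real integration name and the addresses Apigee publishes for your deployment.

```sql
-- Inspect what is currently in force: the account-level network policy, if any,
-- and the NETWORK_POLICY row of the OAuth security integration (placeholder name).
SHOW PARAMETERS LIKE 'NETWORK_POLICY' IN ACCOUNT;
DESCRIBE SECURITY INTEGRATION APIGEE_OAUTH;

-- Create a policy that admits the Apigee outbound range (placeholder CIDR).
-- Keep any addresses the existing policy already allows, or the Postman
-- client that works today will be locked out.
CREATE NETWORK POLICY APIGEE_EGRESS
  ALLOWED_IP_LIST = ('203.0.113.0/24')
  COMMENT = 'Apigee outbound addresses for the refresh_token call';

-- Attach the policy to the OAuth integration so /oauth/token-request accepts
-- the refresh request when it arrives from Apigee rather than from the
-- machine that originally obtained the token.
ALTER SECURITY INTEGRATION APIGEE_OAUTH SET NETWORK_POLICY = 'APIGEE_EGRESS';

-- Confirm the attachment before retrying the call from Apigee.
DESCRIBE SECURITY INTEGRATION APIGEE_OAUTH;
```

If the integration shows no network policy of its own, check whether an account-level policy or a user-level policy on the OAuth user applies instead, since either can reject the request the same way.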
