Snowflake Connector for Microsoft Power Platform: [Optional] Validate Entra Authorization setup¶

Snowflake recommends the configuration be tested and suggests using the cURL commands below to determine if Entra is correctly issuing a token.

Delegated auth validation¶

The prior steps must be executed to get the required authorization code value. To obtain the required code, follow the steps outlined in request an authorization code.

  1. Get authorization code:

    In a browser enter the following URL, replacing the placeholders with your values:

    https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/authorize?client_id=<client_id>&response_type=code&redirect_uri=https%3A%2F%2Flocalhost&response_mode=query&scope=api://<app_resource_id>/session:role-any&state=12345
    Copy

  2. Get access token:

    Use the authorization code from the previous step to get an access token. Replace the placeholders with your values in the following cURL command:

    curl -X  POST \
     -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" \
     --data-urlencode "client_id=<your client id>" \
     --data-urlencode "client_secret=<your client secret>"  \
     --data-urlencode "grant_type=authorization_code" \
     --data-urlencode "code=<use auth code from 1>" \
     --data-urlencode "scope=api://7bd09dd9-a6ef-4461-b014-c3226df74ed0/.default"  \
     --data-urlencode "redirect_uri=http://localhost" \
     https://login.microsoftonline.com/9a2d78cb-73e9-40ee-a558-fc1ac5ef57a7/oauth2/v2.0/token
    Copy

    Note

    You must add localhost as an additional redirect URI in the AAD client application.

Service principal auth validation¶

curl -X POST \
     -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" \
     --data-urlencode "client_id=<CLIENT_ID>" \
     --data-urlencode "client_secret=<CLIENT_SECRET>" \
     --data-urlencode "grant_type=client_credentials" \
     --data-urlencode "scope=api://<Appl_URI_ID from Oauth Server>/.default" \
     https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/token
Copy

Where:

  • CLIENT_ID = Client ID from Oauth Client setup.

  • CLIENT_SECRET = Client secret from Oauth Client setup.

  • TENANT_ID = Tenant ID from Oauth Client setup.

To validate the token in Snowflake, execute the SQL in the steps below with token from above :

  1. Navigate to Snowsight.

  2. Open a worksheet.

  3. Execute the following code:

    system$verify_external_oauth_token({token});
    Copy

Next steps¶

After completing these procedures, follow the steps in Snowflake Connector for Microsoft Power Platform: [Optional] Validate Snowflake access.

Language: English