From e25862119383a3e483cc157802571e7a5f8bf49a Mon Sep 17 00:00:00 2001 From: gunnava Date: Thu, 7 Nov 2024 17:17:57 +0000 Subject: [PATCH 01/13] Update external-oauth.md Add some Troubleshooting guidance for an external Oauth specific error --- .../docs/cloud/manage-access/external-oauth.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/website/docs/docs/cloud/manage-access/external-oauth.md b/website/docs/docs/cloud/manage-access/external-oauth.md index deb23f36f09..403384e6ae6 100644 --- a/website/docs/docs/cloud/manage-access/external-oauth.md +++ b/website/docs/docs/cloud/manage-access/external-oauth.md @@ -267,3 +267,18 @@ app in Entra ID, click **Endpoints** and open the **Federation metadata document 6. `Application ID URI`: Copy the `Application ID URI` field from the resource server’s Overview screen. + + + +## Troubleshooting + +### Errors when connecting to Snowflake via external Oauth: +` Failed to connect to DB: xxxxxxx.snowflakecomputing.com:443. The role requested in the connection or the default role if none was requested in the connection ('xxxxx') is not listed in the Access Token or was filtered. Please specify another role, or contact your OAuth Authorization server administrator. ` + +Snowflake has some guidance on this error here: https://community.snowflake.com/s/article/external-custom-oauth-error-the-role-requested-in-the-connection-is-not-listed-in-the-access-token + +To resolve this issue, you should alter your OAuth Security Integration and explicitly specify the Scope mapping attribute: + + ```sql +ALTER INTEGRATION SET EXTERNAL_OAUTH_SCOPE_MAPPING_ATTRIBUTE = 'scp'; +``` From 710ed0d7a9a17221e60fed2b5cc34479bd782c76 Mon Sep 17 00:00:00 2001 From: runleonarun Date: Fri, 8 Nov 2024 13:38:03 -0800 Subject: [PATCH 02/13] moving to faq --- .../docs/cloud/manage-access/external-oauth.md | 15 ++------------- .../failed-snowflake-oauth-connection.md | 18 ++++++++++++++++++ 2 files changed, 20 insertions(+), 13 deletions(-) create mode 100644 website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md diff --git a/website/docs/docs/cloud/manage-access/external-oauth.md b/website/docs/docs/cloud/manage-access/external-oauth.md index 403384e6ae6..380d0a3d1cc 100644 --- a/website/docs/docs/cloud/manage-access/external-oauth.md +++ b/website/docs/docs/cloud/manage-access/external-oauth.md @@ -268,17 +268,6 @@ app in Entra ID, click **Endpoints** and open the **Federation metadata document +## FAQs - -## Troubleshooting - -### Errors when connecting to Snowflake via external Oauth: -` Failed to connect to DB: xxxxxxx.snowflakecomputing.com:443. The role requested in the connection or the default role if none was requested in the connection ('xxxxx') is not listed in the Access Token or was filtered. Please specify another role, or contact your OAuth Authorization server administrator. ` - -Snowflake has some guidance on this error here: https://community.snowflake.com/s/article/external-custom-oauth-error-the-role-requested-in-the-connection-is-not-listed-in-the-access-token - -To resolve this issue, you should alter your OAuth Security Integration and explicitly specify the Scope mapping attribute: - - ```sql -ALTER INTEGRATION SET EXTERNAL_OAUTH_SCOPE_MAPPING_ATTRIBUTE = 'scp'; -``` + diff --git a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md new file mode 100644 index 00000000000..c5ecff14008 --- /dev/null +++ b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md @@ -0,0 +1,18 @@ +--- +title: Receiving a `Failed to connect to DB xxxxxxx.snowflakecomputing.com:443` error when when connecting to Snowflake via external Oauth +description: "Edit your OAuth Security integration when you see error" +sidebar_label: 'Receiving `Failed to connect to database` error' +--- + +If you see the following error w + +``` +Failed to connect to DB: xxxxxxx.snowflakecomputing.com:443. The role requested in the connection or the default role if none was requested in the connection ('xxxxx') is not listed in the Access Token or was filtered. Please specify another role, or contact your OAuth Authorization server administrator. +``` + +To resolve this issue, you should edit your OAuth Security integration and explicitly specify this Scope mapping attribute: + + ```sql +ALTER INTEGRATION SET EXTERNAL_OAUTH_SCOPE_MAPPING_ATTRIBUTE = 'scp'; +``` +You can read more about this error in [Snowflake's documentation](https://community.snowflake.com/s/article/external-custom-oauth-error-the-role-requested-in-the-connection-is-not-listed-in-the-access-token). From 1544dbb584abed1863fcf87088586f3454e23fac Mon Sep 17 00:00:00 2001 From: "Leona B. Campbell" <3880403+runleonarun@users.noreply.github.com> Date: Fri, 8 Nov 2024 13:40:30 -0800 Subject: [PATCH 03/13] Apply suggestions from code review --- .../faqs/Troubleshooting/failed-snowflake-oauth-connection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md index c5ecff14008..bb638737c58 100644 --- a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md +++ b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md @@ -4,13 +4,13 @@ description: "Edit your OAuth Security integration when you see error" sidebar_label: 'Receiving `Failed to connect to database` error' --- -If you see the following error w +1. If you see this error: ``` Failed to connect to DB: xxxxxxx.snowflakecomputing.com:443. The role requested in the connection or the default role if none was requested in the connection ('xxxxx') is not listed in the Access Token or was filtered. Please specify another role, or contact your OAuth Authorization server administrator. ``` -To resolve this issue, you should edit your OAuth Security integration and explicitly specify this Scope mapping attribute: +2. Edit your OAuth Security integration and explicitly specify this Scope mapping attribute: ```sql ALTER INTEGRATION SET EXTERNAL_OAUTH_SCOPE_MAPPING_ATTRIBUTE = 'scp'; From cd8e31664841318d054405739218fdbd9c7852e9 Mon Sep 17 00:00:00 2001 From: "Leona B. Campbell" <3880403+runleonarun@users.noreply.github.com> Date: Fri, 8 Nov 2024 14:56:38 -0800 Subject: [PATCH 04/13] Update website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md --- .../faqs/Troubleshooting/failed-snowflake-oauth-connection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md index bb638737c58..bbfbf1efa19 100644 --- a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md +++ b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md @@ -1,5 +1,5 @@ --- -title: Receiving a `Failed to connect to DB xxxxxxx.snowflakecomputing.com:443` error when when connecting to Snowflake via external Oauth +title: Receiving a `Failed to connect to DB` error when connecting to Snowflake description: "Edit your OAuth Security integration when you see error" sidebar_label: 'Receiving `Failed to connect to database` error' --- From 16ee4e14791c55fd19680355cb93e57d5bd91547 Mon Sep 17 00:00:00 2001 From: "Leona B. Campbell" <3880403+runleonarun@users.noreply.github.com> Date: Fri, 8 Nov 2024 15:04:35 -0800 Subject: [PATCH 05/13] Update website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md --- .../faqs/Troubleshooting/failed-snowflake-oauth-connection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md index bbfbf1efa19..7d36fd158c6 100644 --- a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md +++ b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md @@ -6,7 +6,7 @@ sidebar_label: 'Receiving `Failed to connect to database` error' 1. If you see this error: -``` +```shell Failed to connect to DB: xxxxxxx.snowflakecomputing.com:443. The role requested in the connection or the default role if none was requested in the connection ('xxxxx') is not listed in the Access Token or was filtered. Please specify another role, or contact your OAuth Authorization server administrator. ``` From 1cf0c1272194e24d113f95bdaa5add9b45243d91 Mon Sep 17 00:00:00 2001 From: "Leona B. Campbell" <3880403+runleonarun@users.noreply.github.com> Date: Fri, 8 Nov 2024 16:33:16 -0800 Subject: [PATCH 06/13] Update website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md --- .../faqs/Troubleshooting/failed-snowflake-oauth-connection.md | 1 + 1 file changed, 1 insertion(+) diff --git a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md index 7d36fd158c6..f26c334e265 100644 --- a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md +++ b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md @@ -15,4 +15,5 @@ Failed to connect to DB: xxxxxxx.snowflakecomputing.com:443. The role requested ```sql ALTER INTEGRATION SET EXTERNAL_OAUTH_SCOPE_MAPPING_ATTRIBUTE = 'scp'; ``` + You can read more about this error in [Snowflake's documentation](https://community.snowflake.com/s/article/external-custom-oauth-error-the-role-requested-in-the-connection-is-not-listed-in-the-access-token). From 368f0ef948cee229b0e4ca36dba326f094e7b2da Mon Sep 17 00:00:00 2001 From: "Leona B. Campbell" <3880403+runleonarun@users.noreply.github.com> Date: Fri, 8 Nov 2024 16:34:47 -0800 Subject: [PATCH 07/13] Update website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md --- .../faqs/Troubleshooting/failed-snowflake-oauth-connection.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md index f26c334e265..7b39c68c57d 100644 --- a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md +++ b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md @@ -7,7 +7,8 @@ sidebar_label: 'Receiving `Failed to connect to database` error' 1. If you see this error: ```shell -Failed to connect to DB: xxxxxxx.snowflakecomputing.com:443. The role requested in the connection or the default role if none was requested in the connection ('xxxxx') is not listed in the Access Token or was filtered. Please specify another role, or contact your OAuth Authorization server administrator. +Failed to connect to DB: xxxxxxx.snowflakecomputing.com:443. The role requested in the connection or the default role if none was requested in the connection ('xxxxx') is not listed in the Access Token or was filtered. +Please specify another role, or contact your OAuth Authorization server administrator. ``` 2. Edit your OAuth Security integration and explicitly specify this Scope mapping attribute: From ed54f9b3df64fd4038288689a08ffe47d8c4bd5a Mon Sep 17 00:00:00 2001 From: "Leona B. Campbell" <3880403+runleonarun@users.noreply.github.com> Date: Fri, 8 Nov 2024 16:46:18 -0800 Subject: [PATCH 08/13] Update website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md --- .../faqs/Troubleshooting/failed-snowflake-oauth-connection.md | 1 + 1 file changed, 1 insertion(+) diff --git a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md index 7b39c68c57d..c4a432b9f66 100644 --- a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md +++ b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md @@ -7,6 +7,7 @@ sidebar_label: 'Receiving `Failed to connect to database` error' 1. If you see this error: ```shell + Failed to connect to DB: xxxxxxx.snowflakecomputing.com:443. The role requested in the connection or the default role if none was requested in the connection ('xxxxx') is not listed in the Access Token or was filtered. Please specify another role, or contact your OAuth Authorization server administrator. ``` From 31ad356f2cd0ebda6c69d4e39bc806ffe00ee93c Mon Sep 17 00:00:00 2001 From: "Leona B. Campbell" <3880403+runleonarun@users.noreply.github.com> Date: Fri, 8 Nov 2024 16:46:35 -0800 Subject: [PATCH 09/13] Update website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md --- .../faqs/Troubleshooting/failed-snowflake-oauth-connection.md | 1 - 1 file changed, 1 deletion(-) diff --git a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md index c4a432b9f66..25c6d734ee2 100644 --- a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md +++ b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md @@ -10,7 +10,6 @@ sidebar_label: 'Receiving `Failed to connect to database` error' Failed to connect to DB: xxxxxxx.snowflakecomputing.com:443. The role requested in the connection or the default role if none was requested in the connection ('xxxxx') is not listed in the Access Token or was filtered. Please specify another role, or contact your OAuth Authorization server administrator. -``` 2. Edit your OAuth Security integration and explicitly specify this Scope mapping attribute: From 6a396eef7912f03971d1ef5674d2801507bf2ffa Mon Sep 17 00:00:00 2001 From: "Leona B. Campbell" <3880403+runleonarun@users.noreply.github.com> Date: Fri, 8 Nov 2024 16:47:14 -0800 Subject: [PATCH 10/13] Update website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md --- .../faqs/Troubleshooting/failed-snowflake-oauth-connection.md | 1 + 1 file changed, 1 insertion(+) diff --git a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md index 25c6d734ee2..7a32cff7dcf 100644 --- a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md +++ b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md @@ -11,6 +11,7 @@ sidebar_label: 'Receiving `Failed to connect to database` error' Failed to connect to DB: xxxxxxx.snowflakecomputing.com:443. The role requested in the connection or the default role if none was requested in the connection ('xxxxx') is not listed in the Access Token or was filtered. Please specify another role, or contact your OAuth Authorization server administrator. + 2. Edit your OAuth Security integration and explicitly specify this Scope mapping attribute: ```sql From ce642f6fb902d44c6f6de6065fddfcc03d3428f4 Mon Sep 17 00:00:00 2001 From: "Leona B. Campbell" <3880403+runleonarun@users.noreply.github.com> Date: Fri, 8 Nov 2024 16:47:42 -0800 Subject: [PATCH 11/13] Update failed-snowflake-oauth-connection.md --- .../faqs/Troubleshooting/failed-snowflake-oauth-connection.md | 1 + 1 file changed, 1 insertion(+) diff --git a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md index 7a32cff7dcf..f3baf04862e 100644 --- a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md +++ b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md @@ -11,6 +11,7 @@ sidebar_label: 'Receiving `Failed to connect to database` error' Failed to connect to DB: xxxxxxx.snowflakecomputing.com:443. The role requested in the connection or the default role if none was requested in the connection ('xxxxx') is not listed in the Access Token or was filtered. Please specify another role, or contact your OAuth Authorization server administrator. +``` 2. Edit your OAuth Security integration and explicitly specify this Scope mapping attribute: From 9b4fd96f59dabf0a0af34565689e0f0a3bab357b Mon Sep 17 00:00:00 2001 From: "Leona B. Campbell" <3880403+runleonarun@users.noreply.github.com> Date: Fri, 8 Nov 2024 16:49:46 -0800 Subject: [PATCH 12/13] Update failed-snowflake-oauth-connection.md --- .../failed-snowflake-oauth-connection.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md index f3baf04862e..fe2e1450122 100644 --- a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md +++ b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md @@ -6,12 +6,12 @@ sidebar_label: 'Receiving `Failed to connect to database` error' 1. If you see this error: -```shell - -Failed to connect to DB: xxxxxxx.snowflakecomputing.com:443. The role requested in the connection or the default role if none was requested in the connection ('xxxxx') is not listed in the Access Token or was filtered. -Please specify another role, or contact your OAuth Authorization server administrator. - -``` + ```shell + + Failed to connect to DB: xxxxxxx.snowflakecomputing.com:443. The role requested in the connection or the default role if none was requested in the connection ('xxxxx') is not listed in the Access Token or was filtered. + Please specify another role, or contact your OAuth Authorization server administrator. + + ``` 2. Edit your OAuth Security integration and explicitly specify this Scope mapping attribute: From d6f13bbb319e7672c59a77b5fba13591fcd3b4ef Mon Sep 17 00:00:00 2001 From: "Leona B. Campbell" <3880403+runleonarun@users.noreply.github.com> Date: Tue, 12 Nov 2024 09:09:05 -0800 Subject: [PATCH 13/13] Apply suggestions from code review Co-authored-by: nataliefiann <120089939+nataliefiann@users.noreply.github.com> --- .../faqs/Troubleshooting/failed-snowflake-oauth-connection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md index fe2e1450122..5d2a2f671c9 100644 --- a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md +++ b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md @@ -8,12 +8,12 @@ sidebar_label: 'Receiving `Failed to connect to database` error' ```shell - Failed to connect to DB: xxxxxxx.snowflakecomputing.com:443. The role requested in the connection or the default role if none was requested in the connection ('xxxxx') is not listed in the Access Token or was filtered. + Failed to connect to DB: xxxxxxx.snowflakecomputing.com:443. The role requested in the connection, or the default role if none was requested in the connection ('xxxxx'), is not listed in the Access Token or was filtered. Please specify another role, or contact your OAuth Authorization server administrator. ``` -2. Edit your OAuth Security integration and explicitly specify this Scope mapping attribute: +2. Edit your OAuth Security integration and explicitly specify this scope mapping attribute: ```sql ALTER INTEGRATION SET EXTERNAL_OAUTH_SCOPE_MAPPING_ATTRIBUTE = 'scp';