From 87240eb57b3acd6a2b57a96a1ed020e1e867874d Mon Sep 17 00:00:00 2001 From: Jeremy Yeo Date: Mon, 25 Nov 2024 14:42:53 +1300 Subject: [PATCH 1/3] Update failed-snowflake-oauth-connection.md --- .../failed-snowflake-oauth-connection.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md index 5d2a2f671c9..20db2930701 100644 --- a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md +++ b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md @@ -20,3 +20,18 @@ ALTER INTEGRATION SET EXTERNAL_OAUTH_SCOPE_MAPPING_ATTRIBUTE = 'sc ``` You can read more about this error in [Snowflake's documentation](https://community.snowflake.com/s/article/external-custom-oauth-error-the-role-requested-in-the-connection-is-not-listed-in-the-access-token). + +---- + +1. If you see this error: + + ```shell + + Failed to connect to DB: xxxxxxx.snowflakecomputing.com:443. Incorrect username or password was specified. + + ``` + +2. Double check that: + +* There is not more than a single Snowflake user that shares the same email identifier. For example - there exist a human user that authenticates to Snowflake with the email `alice@acme.com` but at the same time there also exist a separate service account user that also authenticates with `alice@acme.com`. +* The email address of your user in Snowflake is identical to the email address you use to authenticate in your IdP. For example - if your Snowflake users email address is `alice@acme.com` but you authenticate in Entra/Okta with `alice_adm@acme.com` - then those email addresses are not the same and you may see this error. From e3be400c084253591efe3bcf2092671b0dd75f1d Mon Sep 17 00:00:00 2001 From: mirnawong1 Date: Mon, 25 Nov 2024 11:03:47 +0000 Subject: [PATCH 2/3] tweak --- .../failed-snowflake-oauth-connection.md | 24 +++++++------------ 1 file changed, 9 insertions(+), 15 deletions(-) diff --git a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md index 20db2930701..753f96bfe48 100644 --- a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md +++ b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md @@ -4,34 +4,28 @@ description: "Edit your OAuth Security integration when you see error" sidebar_label: 'Receiving `Failed to connect to database` error' --- -1. If you see this error: +1. If you see the following error: - ```shell - + ```text Failed to connect to DB: xxxxxxx.snowflakecomputing.com:443. The role requested in the connection, or the default role if none was requested in the connection ('xxxxx'), is not listed in the Access Token or was filtered. Please specify another role, or contact your OAuth Authorization server administrator. - ``` 2. Edit your OAuth Security integration and explicitly specify this scope mapping attribute: - ```sql -ALTER INTEGRATION SET EXTERNAL_OAUTH_SCOPE_MAPPING_ATTRIBUTE = 'scp'; -``` + ```sql + ALTER INTEGRATION SET EXTERNAL_OAUTH_SCOPE_MAPPING_ATTRIBUTE = 'scp'; + ``` You can read more about this error in [Snowflake's documentation](https://community.snowflake.com/s/article/external-custom-oauth-error-the-role-requested-in-the-connection-is-not-listed-in-the-access-token). ---- -1. If you see this error: +1. If you see the following error: - ```shell - + ```text Failed to connect to DB: xxxxxxx.snowflakecomputing.com:443. Incorrect username or password was specified. - ``` -2. Double check that: - -* There is not more than a single Snowflake user that shares the same email identifier. For example - there exist a human user that authenticates to Snowflake with the email `alice@acme.com` but at the same time there also exist a separate service account user that also authenticates with `alice@acme.com`. -* The email address of your user in Snowflake is identical to the email address you use to authenticate in your IdP. For example - if your Snowflake users email address is `alice@acme.com` but you authenticate in Entra/Okta with `alice_adm@acme.com` - then those email addresses are not the same and you may see this error. + * **Unique email addresses** — Each user in Snowflake must have a unique email address. You can't have multiple users (for example, a human user and a service account) using the same email, such as `alice@acme.com`, to authenticate to Snowflake. + * **Match email addresses with identity provider** — The email address of your Snowflake user must exactly match the email address you use to authenticate with your Identity Provider (IdP). For example, if your Snowflake user's email is alice@acme.com but you log in to Entra or Okta with alice_adm@acme.com, this mismatch can cause an error. From fab2e89c6cdcc5f2461516562573182c4a67f894 Mon Sep 17 00:00:00 2001 From: mirnawong1 Date: Mon, 25 Nov 2024 11:04:10 +0000 Subject: [PATCH 3/3] add backticks --- .../faqs/Troubleshooting/failed-snowflake-oauth-connection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md index 753f96bfe48..84ef49d212c 100644 --- a/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md +++ b/website/docs/faqs/Troubleshooting/failed-snowflake-oauth-connection.md @@ -28,4 +28,4 @@ You can read more about this error in [Snowflake's documentation](https://commun ``` * **Unique email addresses** — Each user in Snowflake must have a unique email address. You can't have multiple users (for example, a human user and a service account) using the same email, such as `alice@acme.com`, to authenticate to Snowflake. - * **Match email addresses with identity provider** — The email address of your Snowflake user must exactly match the email address you use to authenticate with your Identity Provider (IdP). For example, if your Snowflake user's email is alice@acme.com but you log in to Entra or Okta with alice_adm@acme.com, this mismatch can cause an error. + * **Match email addresses with identity provider** — The email address of your Snowflake user must exactly match the email address you use to authenticate with your Identity Provider (IdP). For example, if your Snowflake user's email is `alice@acme.com` but you log in to Entra or Okta with `alice_adm@acme.com`, this mismatch can cause an error.