(Example) How to Update an Access Token for Snowflake

Prerequisites

• Create an access token for Snowflake.

  For more information, refer to (Example) How to Get the Access Token Credentials from Snowflake.

• One of these account types:
  • Snowflake Standard Edition
  • Snowflake Enterprise Edition
  • Snowflake Business Critical Edition
  • Virtual Private Snowflake

Good to Know

• By default, Snowflake expires its refresh tokens after 90 days. A refresh token is an OAuth 2.0 object that allows an access token to renew. After the refresh token expires, the associated access token can no longer be used and a new access token must be created. This requires action in both AgilePoint NX and Snowflake.

  You can request Snowflake Support to change the refresh token timeout for your Snowflake environment. For example, to request a timeout of 5 years, request the maximum OAUTH_REFRESH_TOKEN_VALIDITY for a SECURITY INTEGRATION to be increased to 157784630 sec.

  If you do not change the default timeout for refresh tokens, AgilePoint strongly recommends setting a reminder to update your Snowflake access token every 90 days. If the refresh token expires, all AgilePoint NX apps that use the Snowflake access token will stop until the access token is updated. Then you will need to start the apps in Manage Center. AgilePoint NX does not provide automated reminders for this timeout.

• This topic shows the procedure to update an global access token for Snowflake in Manage Center. You can follow the similar procedure to update an app level access token for Snowflake.
• OAuth 2.0 access tokens require a 2-way exchange of credentials between AgilePoint NX and the external service. This means that you must get the credentials from the third-party service to paste in the AgilePoint NX access token, and get the redirect URI from AgilePoint NX to paste in the external service. This requires you to open both the AgilePoint NX access token and the third-party service at the same time, so you can copy and paste from one screen to the other.

  This topic shows the suggested procedure for Snowflake. The exact procedure for your access token depends on whether you already have a connection (usually called an app) configured in the external service.

• This topic gives one example. The procedure may vary depending on your configuration and account settings in the third-party service.
• Some information about third-party integrations is outside the scope of the AgilePoint NX Product Documentation. It is the responsibility of the vendors who create and maintain these technologies to provide this information. This includes specific business use cases and examples; explanations for third-party concepts; details about the data models and input and output data formats for third-party technologies; and various types of IDs, URL patterns, connection string formats, or other technical information that is specific to the third-party technologies. For more information, refer to Where Can I Find Information and Examples for Third-Party Integrations?

First, open the access token in AgilePoint NX you created for Snowflake.

How to Start

1. Click Manage.

   
   
   

2. Click App Builder > Global Access Tokens.

   
   
   

3. On the Global Access Tokens screen, click Snowflake.

   
   
   

4. Select the Snowflake access token.

   
   
   

5. Click Edit Token.

   
   
   

Procedure

1. In AgilePoint NX, open the edit access token configuration screen for Snowflake.

   
   
   

   Keep the access token configuration screen open in AgilePoint NX, but do not save it.

Next, run a query in Snowflake to create the app credentials.

How to Start

1. In a new web browser tab, sign in to the Snowflake portal with a Snowflake account that has the SYSADMIN role.
   • https://app.snowflake.com/.
2. In Snowflake, on the Worksheets screen, click Worksheet.

   
   
   

Procedure

1. On the Worksheet screen, in the Query field, paste this query.

   Format:

   select SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('[APP NAME]');

   Example:

   select SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('AGILEPOINT_NX_SALES_INVOICE_APP');

   
   
   

2. Click Run.

   
   
   

   The Worksheet screen shows the OAuth Client Secrets.

   
   
   

Next, copy the Snowflake app credentials to your AgilePoint NX access token.

How to Start

1. In one web browser tab, in Snowflake, open the Worksheet where you created the App Credentials.

   For more information, refer to Run the Query to Create Credentials.

2. In a different web browser tab, in AgilePoint NX, open the Snowflake access token configuration screen.

Procedure

1. In Snowflake, on the Worksheet screen, in the Results section, click the generated OAuth Client Secrets to open.

   
   
   

2. In the right pane, copy any one of the OAUTH_CLIENT_SECRET values.

   
   
   

3. In AgilePoint NX, on the Snowflake Access Token Configuration screen, in the Client Secret ID field, paste the OAUTH_CLIENT_SECRET value from Snowflake.

   
   
   

Next, complete the AgilePoint NX access token configuration for Snowflake.

How to Start

1. In AgilePoint NX, open the Snowflake access token configuration screen.

Procedure

1. In AgilePoint NX, on the Edit Global Access Tokens screen, click Get OAuth 2.0 Access Token.

   
   
   

   A new tab or window opens in your web browser.

2. On the new tab, in the Sign in to Snowflake to continue to AGILEPOINT_NX_SALES_INVOICE_APP screen, sign in to Snowflake with Snowflake account credentials.

   
   
   

   The new tab or window closes in your web browser, and the Snowflake access token screen shows the OAuth 2.0 access token in the OAuth 2.0 Access Token field..

   
   
   

3. Click Update.