Configuring OAuth authentication for Google Cloud Platform (GCP)
About customer-provided OAuth client authentication
An application that authenticates to Google using OAuth 2.0 must provide two objects in GCP:
OAuth consent screen that tells users who is requesting access to their data and what kind of data users are allowing your application to access.
OAuth Client ID used to authenticate an application to Google. It is necessary when you want to access resources owned by your end user.
For the private preview of the Snowflake Connector for Google Analytics Raw Data, you must provide your own OAuth consent screen and client ID to authenticate. In a future release, the consent screen will be provided.
If you are using PrivateLink, contact the Support team, or alternatively use the service account authentication method. For details, see Configuring service account authentication for Google Cloud Platform (GCP).
To provide the OAuth consent screen and OAuth client ID, you must create a Google Cloud Platform (GCP) project first. Refer to the GCP documentation to learn how to create a GCP project.
If possible, create an OAuth consent screen in a GCP project that belongs to an organization. Make sure that the connector users are members of the same organization.
If your project does not belong to an organization, you must renew authentication every seven days.
Configuring the OAuth consent screen
To open the OAuth consent screen creator, select APIs & Services » OAuth consent screen in your GCP project.
Select the user type.
You can select the Internal user type only if the GCP project belongs to an organization and the connector users are members of the same organization.
The External user type causes the authentication to expire in seven days. If you choose this type, you need to renew authentication weekly.
Provide the following information:
App name: Snowflake Connector for Google Analytics Raw Data
User support email: your email address
Developer contact information: your email address
Select Save and continue.
Select Add or remove scopes » Manually add scopes. Copy the following addresses:
To add the scopes, paste each address in a dialog and select Add to table.
For External user type:
Select Test users » Add users.
Enter the email addresses of users that are allowed to use the connector.
To finish configuration, select Save and continue » Back to dashboard.
Configuring the OAuth client ID
The following procedure describes how to configure the OAuth Client ID:
To open the Credentials page, select APIs & Services » Credentials in your GCP project.
Select Create credentials » OAuth client ID.
In the Application type dropdown list, select Web application.
In the Name box, enter the following name: Snowflake Connector for Google Analytics Raw Data ID.
Select Authorized redirect URIs » Add URI.
In the Snowflake Connector for Google Analytics Raw Data interface, go to the third step of the connector configuration: Authentication. Choose OAuth2 and copy the value from the Redirect URL box.
Go back to the GCP interface, and paste the value to the URI box.
Copy the Your Client ID and Your Client Secret values.
Paste the values into the corresponding boxes in the Snowflake Connector for Google Analytics Raw Data interface.
Select Sign in.
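The following Python check is an added example, not part of the Snowflake or Google documentation. It verifies that a client created with the steps above is a Web application client whose only authorized redirect URI is the connector's Redirect URL. It assumes you downloaded the client's JSON file from the Credentials page; the sample JSON, `CONNECTOR_REDIRECT_URL` and `check_oauth_client` are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the layout of the JSON file the GCP console offers for
# download on an OAuth client. Every value is a placeholder.
SAMPLE_CLIENT_JSON = json.dumps({
    "web": {
        "client_id": "000000000000-example.apps.googleusercontent.com",
        "client_secret": "PLACEHOLDER",
        "redirect_uris": ["https://connector.example.invalid/oauth/callback"],
    }
})
# Placeholder for the value copied from the connector's Redirect URL box.
CONNECTOR_REDIRECT_URL = "https://connector.example.invalid/oauth/callback"


def check_oauth_client(client_json: str, connector_redirect_url: str) -> list[str]:
    """Return findings; an empty list means the client matches the procedure."""
    doc = json.loads(client_json)
    if "web" not in doc:
        # The procedure selects "Web application"; other application types
        # are stored under a different top-level key.
        return [f"application type is {sorted(doc)}, expected 'web'"]
    client = doc["web"]
    findings = []
    if not client.get("client_id", "").endswith(".apps.googleusercontent.com"):
        findings.append("client_id does not look like a Google OAuth client ID")
    if not client.get("client_secret"):
        findings.append("client_secret is missing")
    uris = client.get("redirect_uris", [])
    # Redirect URIs are compared as exact strings, so a trailing slash or a
    # different path counts as a different URI.
    if connector_redirect_url not in uris:
        findings.append("connector Redirect URL is not an authorized redirect URI")
    for uri in uris:
        if urlsplit(uri).scheme != "https":
            findings.append(f"redirect URI is not https: {uri}")
        if uri != connector_redirect_url:
            findings.append(f"extra redirect URI not used by the connector: {uri}")
    return findings


if __name__ == "__main__":
    for finding in check_oauth_client(SAMPLE_CLIENT_JSON, CONNECTOR_REDIRECT_URL):
        print("FINDING:", finding)
```

Keep the downloaded JSON file out of version control, because it contains the client secret.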
Preventing session expiration for OAuth consent screen
The following procedure describes how to prevent session expiration for the OAuth consent screen:
In the Google Admin Console menu, select Security » Access and data control » Google Cloud session control.
In the Reauthentication policy section, select the Exempt Trusted apps checkbox.
In the Google Admin Console menu, select Security » API Controls » App Access Control.
In the Configured apps section, select Add app » OAuth App Name Or Client ID.
Copy the client ID created in Configuring the OAuth Client ID, and paste it into the box.
Select the Snowflake Connector for Google Analytics Raw Data application name.
Select the created OAuth Client ID checkbox, and click Select.
In the Scope section, select All users.
In the Access to Google Data section, select Trusted.
On the Review screen, select Finish.