Authenticate with Snowflake OAuth

Snowflake allows you to use OAuth authentication to secure communications and authenticate entities within its ecosystem using federated identity management. OAuth authentication uses bearer tokens for authentication, enabling integration with your organization's identity provider and supporting single sign-on (SSO) workflows.

Note: By November 2025, Snowflake will require token-based authentication.

Before you begin

Connect Liquibase to Snowflake
Set up External OAuth — OAuth authentication requires an external authorization server configured with Snowflake. Follow the Snowflake External OAuth documentation to set up your identity provider and obtain access tokens.

Procedure

Configure OAuth Authentication

Add your oauth token to the liquibase.properties file.

Be sure to:

Set the auth.type to oauth.
Set your_token to your OAuth bearer token obtained from your identity provider.

liquibase.snowflake.auth.type=oauth
liquibase.snowflake.auth.token=your_token

Test Your Configuration

Once you've configured OAuth authentication, you can verify authentication with debug logging.

liquibase --log-level=DEBUG status 2>&1 | grep -i "snowflake\|auth\|oauth\|token"

Look for these success indicators:

[FINE] Found 'liquibase.snowflake.auth.type' configuration of 'oauth' [FINE] Found 'liquibase.snowflake.auth.token' configuration of 'your_token' [INFO] Attempting OAuth connection to Snowflake with URL: jdbc:snowflake://... [FINE] Connected to username@jdbc:snowflake://...