Dataiku - Snowflake Entra ID authentication: The application asked for scope that doesn't exist on the resource

Daria Lisita 0 Reputation points
2024-12-20T08:18:00.8033333+00:00

I am configuring OAuth to authorize Dataiku developers in Snowflake using External OAuth on Entra ID.

In the Dataiku documentation I have this information:

Fill the scope with the operations and roles permitted for the access token (This depends on your OAuth Server so check the official doc). Or if you do not want to manage Snowflake roles in your OAuth2 server, pass the static value of SESSION:ROLE-ANY in the scope.

Also, the Snowflake documentation mentions that SESSION:ROLE-ANY is applicable.

I configured the server app in Entra ID and added the scope to the API exposure.

Then I granted permissions to it in the client app.

But now when I try to authorize in Snowflake through Dataiku, I receive an error:
The application 'snowflake oauth client for DSS users (for person user)' asked for scope 'session:role-any' that doesn't exist on the resource '00000003-0000-0000-c000-000000000000'.

What can be the reason? Or where can I check what it can be?
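
An added example, not part of the original post or of the Dataiku, Snowflake or Microsoft documentation: the resource ID in the error is Microsoft Graph, which is where the Entra ID v2.0 endpoint looks up any scope value sent without a resource prefix. The Python check below classifies each value of a `scope` string by that rule; the Application ID URI `api://SERVER-APP-ID-PLACEHOLDER` and the function names are assumptions.

```python
"""Lint an OAuth2 `scope` parameter against the resource it is meant to target."""

# Microsoft Graph application ID (the resource named in the error message).
MS_GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"
# OpenID Connect scopes are not tied to any resource.
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}
# Assumption: placeholder for the server app's Application ID URI.
EXPECTED_RESOURCE = "api://SERVER-APP-ID-PLACEHOLDER"


def classify_scope(value):
    """Return (resource, permission) for one scope value."""
    if value.lower() in OIDC_SCOPES:
        return ("oidc", value)
    # The text before the last "/" is the resource, the rest is the permission.
    resource, sep, permission = value.rpartition("/")
    if not sep or not resource:
        # No resource prefix: the permission is looked up on Microsoft Graph.
        return (MS_GRAPH_APP_ID, value)
    return (resource, permission)


def audit_scope_param(scope_param, expected_resource=EXPECTED_RESOURCE):
    """Return [(scope_value, resolved_resource)] for values that miss the target."""
    findings = []
    want = expected_resource.rstrip("/").casefold()
    for value in scope_param.split():
        resource, _ = classify_scope(value)
        if resource == "oidc":
            continue
        if resource.rstrip("/").casefold() != want:
            findings.append((value, resource))
    return findings


if __name__ == "__main__":
    # Constructed sample inputs: a bare scope and a fully qualified one.
    for param in ("session:role-any offline_access",
                  EXPECTED_RESOURCE + "/session:role-any offline_access"):
        problems = audit_scope_param(param)
        print(param, "->", problems or "ok")
```
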
