Snowflake OAuth for MCP lets you connect the Claude Snowflake Connector using secure, token-based authentication. By creating a custom OAuth client in Snowflake and linking it to MCP, you can avoid storing passwords and keep access tied to Snowflake’s built-in roles and permissions.
View article: Install and Set Up Snowflake MCP with Claude
Snowflake Configuration
This guide walks through viewing your OAuth integrations, creating the client, and completing the connection so Claude can authenticate cleanly with Snowflake.
SHOW INTEGRATIONS LIKE '%OAUTH%';Add an Oauth Integration for Claude
USE ROLE SECURITYADMIN;
CREATE OR REPLACE SECURITY INTEGRATION CLAUDE_OAUTH_INTEGRATION
TYPE = OAUTH
OAUTH_CLIENT = CUSTOM
OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'
ENABLED = TRUE
OAUTH_REDIRECT_URI = 'https://claude.ai/api/mcp/auth_callback'
OAUTH_ISSUE_REFRESH_TOKENS = TRUE
OAUTH_REFRESH_TOKEN_VALIDITY = 7776000; -- 90 days, pick what you want
;
Limiting access to MCP Role
Using Snowflake MCP is absolutely not something you should roll out into production. You should carefully test, evaluate, and monitor. We create a role specifically for use with Claude so we can easily isolate usage, review queries, and limit access to a select few users.
-- (optional) pre-authorize a role
ALTER SECURITY INTEGRATION CLAUDE_OAUTH_INTEGRATION
SET PRE_AUTHORIZED_ROLES_LIST = ('CLAUDE');Acquire the Oauth token and secret
SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('CLAUDE_OAUTH_INTEGRATION');Snowflake OAuth for MCP Troubleshooting
As of Nov 2025, this OAuth integration used with Claude does not work becuase of a malformed scope.
