externalOauthIntegration.typescript.md

externalOauthIntegration Submodule

Constructs

ExternalOauthIntegration

Represents a {@link https://registry.terraform.io/providers/snowflake-labs/snowflake/0.91.0/docs/resources/external_oauth_integration snowflake_external_oauth_integration}.

Initializers

import { externalOauthIntegration } from '@cdktf/provider-snowflake'

new externalOauthIntegration.ExternalOauthIntegration(scope: Construct, id: string, config: ExternalOauthIntegrationConfig)

Name	Type	Description
scope	constructs.Construct	The scope in which to define this construct.
id	string	The scoped construct ID.
config	ExternalOauthIntegrationConfig	No description.

---

scope^Required

• Type: constructs.Construct

The scope in which to define this construct.

---

id^Required

• Type: string

The scoped construct ID.

Must be unique amongst siblings in the same scope

---

config^Required

• Type: ExternalOauthIntegrationConfig

---

Methods

Name	Description
toString	Returns a string representation of this construct.
addOverride	No description.
overrideLogicalId	Overrides the auto-generated logical ID with a specific ID.
resetOverrideLogicalId	Resets a previously passed logical Id to use the auto-generated logical id again.
toHclTerraform	No description.
toMetadata	No description.
toTerraform	Adds this resource to the terraform JSON output.
addMoveTarget	Adds a user defined moveTarget string to this resource to be later used in .moveTo(moveTarget) to resolve the location of the move.
getAnyMapAttribute	No description.
getBooleanAttribute	No description.
getBooleanMapAttribute	No description.
getListAttribute	No description.
getNumberAttribute	No description.
getNumberListAttribute	No description.
getNumberMapAttribute	No description.
getStringAttribute	No description.
getStringMapAttribute	No description.
hasResourceMove	No description.
importFrom	No description.
interpolationForAttribute	No description.
moveFromId	Move the resource corresponding to "id" to this resource.
moveTo	Moves this resource to the target resource given by moveTarget.
moveToId	Moves this resource to the resource corresponding to "id".
resetAllowedRoles	No description.
resetAnyRoleMode	No description.
resetAudienceUrls	No description.
resetBlockedRoles	No description.
resetComment	No description.
resetId	No description.
resetJwsKeysUrls	No description.
resetRsaPublicKey	No description.
resetRsaPublicKey2	No description.
resetScopeDelimiter	No description.
resetScopeMappingAttribute	No description.

---

toString

public toString(): string

Returns a string representation of this construct.

addOverride

public addOverride(path: string, value: any): void

path^Required

• Type: string

---

value^Required

• Type: any

---

overrideLogicalId

public overrideLogicalId(newLogicalId: string): void

Overrides the auto-generated logical ID with a specific ID.

newLogicalId^Required

• Type: string

The new logical ID to use for this stack element.

---

resetOverrideLogicalId

public resetOverrideLogicalId(): void

Resets a previously passed logical Id to use the auto-generated logical id again.

toHclTerraform

public toHclTerraform(): any

toMetadata

public toMetadata(): any

toTerraform

public toTerraform(): any

Adds this resource to the terraform JSON output.

addMoveTarget

public addMoveTarget(moveTarget: string): void

Adds a user defined moveTarget string to this resource to be later used in .moveTo(moveTarget) to resolve the location of the move.

moveTarget^Required

• Type: string

The string move target that will correspond to this resource.

---

getAnyMapAttribute

public getAnyMapAttribute(terraformAttribute: string): {[ key: string ]: any}

terraformAttribute^Required

• Type: string

---

getBooleanAttribute

public getBooleanAttribute(terraformAttribute: string): IResolvable

terraformAttribute^Required

• Type: string

---

getBooleanMapAttribute

public getBooleanMapAttribute(terraformAttribute: string): {[ key: string ]: boolean}

terraformAttribute^Required

• Type: string

---

getListAttribute

public getListAttribute(terraformAttribute: string): string[]

terraformAttribute^Required

• Type: string

---

getNumberAttribute

public getNumberAttribute(terraformAttribute: string): number

terraformAttribute^Required

• Type: string

---

getNumberListAttribute

public getNumberListAttribute(terraformAttribute: string): number[]

terraformAttribute^Required

• Type: string

---

getNumberMapAttribute

public getNumberMapAttribute(terraformAttribute: string): {[ key: string ]: number}

terraformAttribute^Required

• Type: string

---

getStringAttribute

public getStringAttribute(terraformAttribute: string): string

terraformAttribute^Required

• Type: string

---

getStringMapAttribute

public getStringMapAttribute(terraformAttribute: string): {[ key: string ]: string}

terraformAttribute^Required

• Type: string

---

hasResourceMove

public hasResourceMove(): TerraformResourceMoveByTarget | TerraformResourceMoveById

importFrom

public importFrom(id: string, provider?: TerraformProvider): void

id^Required

• Type: string

---

provider^Optional

• Type: cdktf.TerraformProvider

---

interpolationForAttribute

public interpolationForAttribute(terraformAttribute: string): IResolvable

terraformAttribute^Required

• Type: string

---

moveFromId

public moveFromId(id: string): void

Move the resource corresponding to "id" to this resource.

Note that the resource being moved from must be marked as moved using it's instance function.

id^Required

• Type: string

Full id of resource being moved from, e.g. "aws_s3_bucket.example".

---

moveTo

public moveTo(moveTarget: string, index?: string | number): void

Moves this resource to the target resource given by moveTarget.

moveTarget^Required

• Type: string

The previously set user defined string set by .addMoveTarget() corresponding to the resource to move to.

---

index^Optional

• Type: string | number

Optional The index corresponding to the key the resource is to appear in the foreach of a resource to move to.

---

moveToId

public moveToId(id: string): void

Moves this resource to the resource corresponding to "id".

id^Required

• Type: string

Full id of resource to move to, e.g. "aws_s3_bucket.example".

---

resetAllowedRoles

public resetAllowedRoles(): void

resetAnyRoleMode

public resetAnyRoleMode(): void

resetAudienceUrls

public resetAudienceUrls(): void

resetBlockedRoles

public resetBlockedRoles(): void

resetComment

public resetComment(): void

resetId

public resetId(): void

resetJwsKeysUrls

public resetJwsKeysUrls(): void

resetRsaPublicKey

public resetRsaPublicKey(): void

resetRsaPublicKey2

public resetRsaPublicKey2(): void

resetScopeDelimiter

public resetScopeDelimiter(): void

resetScopeMappingAttribute

public resetScopeMappingAttribute(): void

Static Functions

Name	Description
isConstruct	Checks if x is a construct.
isTerraformElement	No description.
isTerraformResource	No description.
generateConfigForImport	Generates CDKTF code for importing a ExternalOauthIntegration resource upon running "cdktf plan ".

---

isConstruct

import { externalOauthIntegration } from '@cdktf/provider-snowflake'

externalOauthIntegration.ExternalOauthIntegration.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

x^Required

• Type: any

Any object.

---

isTerraformElement

import { externalOauthIntegration } from '@cdktf/provider-snowflake'

externalOauthIntegration.ExternalOauthIntegration.isTerraformElement(x: any)

x^Required

• Type: any

---

isTerraformResource

import { externalOauthIntegration } from '@cdktf/provider-snowflake'

externalOauthIntegration.ExternalOauthIntegration.isTerraformResource(x: any)

x^Required

• Type: any

---

generateConfigForImport

import { externalOauthIntegration } from '@cdktf/provider-snowflake'

externalOauthIntegration.ExternalOauthIntegration.generateConfigForImport(scope: Construct, importToId: string, importFromId: string, provider?: TerraformProvider)

Generates CDKTF code for importing a ExternalOauthIntegration resource upon running "cdktf plan ".

scope^Required

• Type: constructs.Construct

The scope in which to define this construct.

---

importToId^Required

• Type: string

The construct id used in the generated config for the ExternalOauthIntegration to import.

---

importFromId^Required

• Type: string

The id of the existing ExternalOauthIntegration that should be imported.

Refer to the {@link https://registry.terraform.io/providers/snowflake-labs/snowflake/0.91.0/docs/resources/external_oauth_integration#import import section} in the documentation of this resource for the id to use

---

provider^Optional

• Type: cdktf.TerraformProvider

? Optional instance of the provider where the ExternalOauthIntegration to import is found.

---

Properties

Name	Type	Description
node	constructs.Node	The tree node.
cdktfStack	cdktf.TerraformStack	No description.
fqn	string	No description.
friendlyUniqueId	string	No description.
terraformMetaArguments	{[ key: string ]: any}	No description.
terraformResourceType	string	No description.
terraformGeneratorMetadata	cdktf.TerraformProviderGeneratorMetadata	No description.
connection	cdktf.SSHProvisionerConnection | cdktf.WinrmProvisionerConnection	No description.
count	number | cdktf.TerraformCount	No description.
dependsOn	string[]	No description.
forEach	cdktf.ITerraformIterator	No description.
lifecycle	cdktf.TerraformResourceLifecycle	No description.
provider	cdktf.TerraformProvider	No description.
provisioners	cdktf.FileProvisioner | cdktf.LocalExecProvisioner | cdktf.RemoteExecProvisioner[]	No description.
createdOn	string	No description.
allowedRolesInput	string[]	No description.
anyRoleModeInput	string	No description.
audienceUrlsInput	string[]	No description.
blockedRolesInput	string[]	No description.
commentInput	string	No description.
enabledInput	boolean | cdktf.IResolvable	No description.
idInput	string	No description.
issuerInput	string	No description.
jwsKeysUrlsInput	string[]	No description.
nameInput	string	No description.
rsaPublicKey2Input	string	No description.
rsaPublicKeyInput	string	No description.
scopeDelimiterInput	string	No description.
scopeMappingAttributeInput	string	No description.
snowflakeUserMappingAttributeInput	string	No description.
tokenUserMappingClaimsInput	string[]	No description.
typeInput	string	No description.
allowedRoles	string[]	No description.
anyRoleMode	string	No description.
audienceUrls	string[]	No description.
blockedRoles	string[]	No description.
comment	string	No description.
enabled	boolean | cdktf.IResolvable	No description.
id	string	No description.
issuer	string	No description.
jwsKeysUrls	string[]	No description.
name	string	No description.
rsaPublicKey	string	No description.
rsaPublicKey2	string	No description.
scopeDelimiter	string	No description.
scopeMappingAttribute	string	No description.
snowflakeUserMappingAttribute	string	No description.
tokenUserMappingClaims	string[]	No description.
type	string	No description.

---

node^Required

public readonly node: Node;

• Type: constructs.Node

The tree node.

---

cdktfStack^Required

public readonly cdktfStack: TerraformStack;

• Type: cdktf.TerraformStack

---

fqn^Required

public readonly fqn: string;

• Type: string

---

friendlyUniqueId^Required

public readonly friendlyUniqueId: string;

• Type: string

---

terraformMetaArguments^Required

public readonly terraformMetaArguments: {[ key: string ]: any};

• Type: {[ key: string ]: any}

---

terraformResourceType^Required

public readonly terraformResourceType: string;

• Type: string

---

terraformGeneratorMetadata^Optional

public readonly terraformGeneratorMetadata: TerraformProviderGeneratorMetadata;

• Type: cdktf.TerraformProviderGeneratorMetadata

---

connection^Optional

public readonly connection: SSHProvisionerConnection | WinrmProvisionerConnection;

• Type: cdktf.SSHProvisionerConnection | cdktf.WinrmProvisionerConnection

---

count^Optional

public readonly count: number | TerraformCount;

• Type: number | cdktf.TerraformCount

---

dependsOn^Optional

public readonly dependsOn: string[];

• Type: string[]

---

forEach^Optional

public readonly forEach: ITerraformIterator;

• Type: cdktf.ITerraformIterator

---

lifecycle^Optional

public readonly lifecycle: TerraformResourceLifecycle;

• Type: cdktf.TerraformResourceLifecycle

---

provider^Optional

public readonly provider: TerraformProvider;

• Type: cdktf.TerraformProvider

---

provisioners^Optional

public readonly provisioners: FileProvisioner | LocalExecProvisioner | RemoteExecProvisioner[];

• Type: cdktf.FileProvisioner | cdktf.LocalExecProvisioner | cdktf.RemoteExecProvisioner[]

---

createdOn^Required

public readonly createdOn: string;

• Type: string

---

allowedRolesInput^Optional

public readonly allowedRolesInput: string[];

• Type: string[]

---

anyRoleModeInput^Optional

public readonly anyRoleModeInput: string;

• Type: string

---

audienceUrlsInput^Optional

public readonly audienceUrlsInput: string[];

• Type: string[]

---

blockedRolesInput^Optional

public readonly blockedRolesInput: string[];

• Type: string[]

---

commentInput^Optional

public readonly commentInput: string;

• Type: string

---

enabledInput^Optional

public readonly enabledInput: boolean | IResolvable;

• Type: boolean | cdktf.IResolvable

---

idInput^Optional

public readonly idInput: string;

• Type: string

---

issuerInput^Optional

public readonly issuerInput: string;

• Type: string

---

jwsKeysUrlsInput^Optional

public readonly jwsKeysUrlsInput: string[];

• Type: string[]

---

nameInput^Optional

public readonly nameInput: string;

• Type: string

---

rsaPublicKey2Input^Optional

public readonly rsaPublicKey2Input: string;

• Type: string

---

rsaPublicKeyInput^Optional

public readonly rsaPublicKeyInput: string;

• Type: string

---

scopeDelimiterInput^Optional

public readonly scopeDelimiterInput: string;

• Type: string

---

scopeMappingAttributeInput^Optional

public readonly scopeMappingAttributeInput: string;

• Type: string

---

snowflakeUserMappingAttributeInput^Optional

public readonly snowflakeUserMappingAttributeInput: string;

• Type: string

---

tokenUserMappingClaimsInput^Optional

public readonly tokenUserMappingClaimsInput: string[];

• Type: string[]

---

typeInput^Optional

public readonly typeInput: string;

• Type: string

---

allowedRoles^Required

public readonly allowedRoles: string[];

• Type: string[]

---

anyRoleMode^Required

public readonly anyRoleMode: string;

• Type: string

---

audienceUrls^Required

public readonly audienceUrls: string[];

• Type: string[]

---

blockedRoles^Required

public readonly blockedRoles: string[];

• Type: string[]

---

comment^Required

public readonly comment: string;

• Type: string

---

enabled^Required

public readonly enabled: boolean | IResolvable;

• Type: boolean | cdktf.IResolvable

---

id^Required

public readonly id: string;

• Type: string

---

issuer^Required

public readonly issuer: string;

• Type: string

---

jwsKeysUrls^Required

public readonly jwsKeysUrls: string[];

• Type: string[]

---

name^Required

public readonly name: string;

• Type: string

---

rsaPublicKey^Required

public readonly rsaPublicKey: string;

• Type: string

---

rsaPublicKey2^Required

public readonly rsaPublicKey2: string;

• Type: string

---

scopeDelimiter^Required

public readonly scopeDelimiter: string;

• Type: string

---

scopeMappingAttribute^Required

public readonly scopeMappingAttribute: string;

• Type: string

---

snowflakeUserMappingAttribute^Required

public readonly snowflakeUserMappingAttribute: string;

• Type: string

---

tokenUserMappingClaims^Required

public readonly tokenUserMappingClaims: string[];

• Type: string[]

---

type^Required

public readonly type: string;

• Type: string

---

Constants

Name	Type	Description
tfResourceType	string	No description.

---

tfResourceType^Required

public readonly tfResourceType: string;

• Type: string

---

Structs

ExternalOauthIntegrationConfig

Initializer

import { externalOauthIntegration } from '@cdktf/provider-snowflake'

const externalOauthIntegrationConfig: externalOauthIntegration.ExternalOauthIntegrationConfig = { ... }

Properties

Name	Type	Description
connection	cdktf.SSHProvisionerConnection | cdktf.WinrmProvisionerConnection	No description.
count	number | cdktf.TerraformCount	No description.
dependsOn	cdktf.ITerraformDependable[]	No description.
forEach	cdktf.ITerraformIterator	No description.
lifecycle	cdktf.TerraformResourceLifecycle	No description.
provider	cdktf.TerraformProvider	No description.
provisioners	cdktf.FileProvisioner | cdktf.LocalExecProvisioner | cdktf.RemoteExecProvisioner[]	No description.
enabled	boolean | cdktf.IResolvable	Specifies whether to initiate operation of the integration or suspend it.
issuer	string	Specifies the URL to define the OAuth 2.0 authorization server.
name	string	Specifies the name of the External Oath integration.
snowflakeUserMappingAttribute	string	Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
tokenUserMappingClaims	string[]	Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
type	string	Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
allowedRoles	string[]	Specifies the list of roles that the client can set as the primary role.
anyRoleMode	string	Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
audienceUrls	string[]	Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL.
blockedRoles	string[]	Specifies the list of roles that a client cannot set as the primary role.
comment	string	Specifies a comment for the OAuth integration.
id	string	Docs at Terraform Registry: {@link https://registry.terraform.io/providers/snowflake-labs/snowflake/0.91.0/docs/resources/external_oauth_integration#id ExternalOauthIntegration#id}.
jwsKeysUrls	string[]	Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token.
rsaPublicKey	string	Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
rsaPublicKey2	string	Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
scopeDelimiter	string	Specifies the scope delimiter in the authorization token.
scopeMappingAttribute	string	Specifies the access token claim to map the access token to an account role.

---

connection^Optional

public readonly connection: SSHProvisionerConnection | WinrmProvisionerConnection;

• Type: cdktf.SSHProvisionerConnection | cdktf.WinrmProvisionerConnection

---

count^Optional

public readonly count: number | TerraformCount;

• Type: number | cdktf.TerraformCount

---

dependsOn^Optional

public readonly dependsOn: ITerraformDependable[];

• Type: cdktf.ITerraformDependable[]

---

forEach^Optional

public readonly forEach: ITerraformIterator;

• Type: cdktf.ITerraformIterator

---

lifecycle^Optional

public readonly lifecycle: TerraformResourceLifecycle;

• Type: cdktf.TerraformResourceLifecycle

---

provider^Optional

public readonly provider: TerraformProvider;

• Type: cdktf.TerraformProvider

---

provisioners^Optional

public readonly provisioners: FileProvisioner | LocalExecProvisioner | RemoteExecProvisioner[];

• Type: cdktf.FileProvisioner | cdktf.LocalExecProvisioner | cdktf.RemoteExecProvisioner[]

---

enabled^Required

public readonly enabled: boolean | IResolvable;

• Type: boolean | cdktf.IResolvable

Specifies whether to initiate operation of the integration or suspend it.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/snowflake-labs/snowflake/0.91.0/docs/resources/external_oauth_integration#enabled ExternalOauthIntegration#enabled}

---

issuer^Required

public readonly issuer: string;

• Type: string

Specifies the URL to define the OAuth 2.0 authorization server.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/snowflake-labs/snowflake/0.91.0/docs/resources/external_oauth_integration#issuer ExternalOauthIntegration#issuer}

---

name^Required

public readonly name: string;

• Type: string

Specifies the name of the External Oath integration.

This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/snowflake-labs/snowflake/0.91.0/docs/resources/external_oauth_integration#name ExternalOauthIntegration#name}

---

snowflakeUserMappingAttribute^Required

public readonly snowflakeUserMappingAttribute: string;

• Type: string

Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/snowflake-labs/snowflake/0.91.0/docs/resources/external_oauth_integration#snowflake_user_mapping_attribute ExternalOauthIntegration#snowflake_user_mapping_attribute}

---

tokenUserMappingClaims^Required

public readonly tokenUserMappingClaims: string[];

• Type: string[]

Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/snowflake-labs/snowflake/0.91.0/docs/resources/external_oauth_integration#token_user_mapping_claims ExternalOauthIntegration#token_user_mapping_claims}

---

type^Required

public readonly type: string;

• Type: string

Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/snowflake-labs/snowflake/0.91.0/docs/resources/external_oauth_integration#type ExternalOauthIntegration#type}

---

allowedRoles^Optional

public readonly allowedRoles: string[];

• Type: string[]

Specifies the list of roles that the client can set as the primary role.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/snowflake-labs/snowflake/0.91.0/docs/resources/external_oauth_integration#allowed_roles ExternalOauthIntegration#allowed_roles}

---

anyRoleMode^Optional

public readonly anyRoleMode: string;

• Type: string

Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/snowflake-labs/snowflake/0.91.0/docs/resources/external_oauth_integration#any_role_mode ExternalOauthIntegration#any_role_mode}

---

audienceUrls^Optional

public readonly audienceUrls: string[];

• Type: string[]

Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/snowflake-labs/snowflake/0.91.0/docs/resources/external_oauth_integration#audience_urls ExternalOauthIntegration#audience_urls}

---

blockedRoles^Optional

public readonly blockedRoles: string[];

• Type: string[]

Specifies the list of roles that a client cannot set as the primary role.

Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/snowflake-labs/snowflake/0.91.0/docs/resources/external_oauth_integration#blocked_roles ExternalOauthIntegration#blocked_roles}

---

comment^Optional

public readonly comment: string;

• Type: string

Specifies a comment for the OAuth integration.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/snowflake-labs/snowflake/0.91.0/docs/resources/external_oauth_integration#comment ExternalOauthIntegration#comment}

---

id^Optional

public readonly id: string;

• Type: string

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/snowflake-labs/snowflake/0.91.0/docs/resources/external_oauth_integration#id ExternalOauthIntegration#id}.

Please be aware that the id field is automatically added to all resources in Terraform providers using a Terraform provider SDK version below 2. If you experience problems setting this value it might not be settable. Please take a look at the provider documentation to ensure it should be settable.

---

jwsKeysUrls^Optional

public readonly jwsKeysUrls: string[];

• Type: string[]

Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token.

The maximum number of URLs that can be specified in the list is 3.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/snowflake-labs/snowflake/0.91.0/docs/resources/external_oauth_integration#jws_keys_urls ExternalOauthIntegration#jws_keys_urls}

---

rsaPublicKey^Optional

public readonly rsaPublicKey: string;

• Type: string

Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/snowflake-labs/snowflake/0.91.0/docs/resources/external_oauth_integration#rsa_public_key ExternalOauthIntegration#rsa_public_key}

---

rsaPublicKey2^Optional

public readonly rsaPublicKey2: string;

• Type: string

Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.

Used for key rotation.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/snowflake-labs/snowflake/0.91.0/docs/resources/external_oauth_integration#rsa_public_key_2 ExternalOauthIntegration#rsa_public_key_2}

---

scopeDelimiter^Optional

public readonly scopeDelimiter: string;

• Type: string

Specifies the scope delimiter in the authorization token.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/snowflake-labs/snowflake/0.91.0/docs/resources/external_oauth_integration#scope_delimiter ExternalOauthIntegration#scope_delimiter}

---

scopeMappingAttribute^Optional

public readonly scopeMappingAttribute: string;

• Type: string

Specifies the access token claim to map the access token to an account role.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/snowflake-labs/snowflake/0.91.0/docs/resources/external_oauth_integration#scope_mapping_attribute ExternalOauthIntegration#scope_mapping_attribute}

---