Skip to main content
Warehouse Connectors let Replit Agent query your organization’s data warehouses. With the Snowflake connector, builders can create dashboards, reporting tools, and data applications using natural language — no SQL expertise required. Setup is a one-time process that requires a Snowflake admin and a Replit workspace admin. Once configured, any team member can sign in and start building with Snowflake data. This guide walks you through the full setup. Three roles are involved:
  1. Snowflake Account Admin — Creates the OAuth integration in Snowflake
  2. Replit Workspace Admin — Configures the connector in Replit
  3. Builder — Signs in and starts building

Create the OAuth integration in Snowflake

The Snowflake Account Admin creates an OAuth Security Integration that allows Replit to authenticate with Snowflake.

Prerequisites

  • ACCOUNTADMIN role in Snowflake
  • Access to run SQL in Snowflake worksheets

Run the setup script

1

Log in to Snowflake

Open your Snowflake account and make sure you are using the ACCOUNTADMIN role. You can verify this in the role dropdown in the top-right corner.
2

Open a SQL worksheet

Click Worksheets in the left sidebar and create a new worksheet.
3

Run the OAuth integration script

Copy and paste the following SQL script and run it:
Create OAuth integration
-- Drop existing integration if needed
DROP INTEGRATION IF EXISTS REPLIT_OAUTH;

-- Create OAuth integration for Replit
CREATE SECURITY INTEGRATION REPLIT_OAUTH
  TYPE = OAUTH
  ENABLED = TRUE
  OAUTH_CLIENT = CUSTOM
  OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'
  OAUTH_REDIRECT_URI = 'https://replit.com/connectors/oauth/callback'
  OAUTH_ISSUE_REFRESH_TOKENS = TRUE
  OAUTH_REFRESH_TOKEN_VALIDITY = 7776000
  OAUTH_ALLOW_NON_TLS_REDIRECT_URI = FALSE
  BLOCKED_ROLES_LIST = ()
  COMMENT = 'OAuth integration for Replit connector';
The redirect URI must be exactly https://replit.com/connectors/oauth/callback. Any other value causes a 404 error during authentication.
Setting BLOCKED_ROLES_LIST = () ensures no roles are blocked from using the integration. Without this, you may get “invalid consent request” or “role blocked” errors when connecting.
4

Retrieve your OAuth credentials

Run this query to get the Client ID and Client Secret:
Get OAuth credentials
-- View integration details
DESCRIBE INTEGRATION REPLIT_OAUTH;

-- Get Client ID and Secret
WITH secrets AS (
  SELECT PARSE_JSON(
    SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('REPLIT_OAUTH')
  ) as creds
)
SELECT
  creds:OAUTH_CLIENT_ID::STRING as CLIENT_ID,
  creds:OAUTH_CLIENT_SECRET::STRING as CLIENT_SECRET
FROM secrets;
Copy the Client ID and Client Secret from the output. You need these for the next step.

Configure the connector in Replit

The Replit Workspace Admin adds the Snowflake credentials to Replit. Once configured, anyone on the team can sign in.
This step requires a Teams or Enterprise plan with admin access.
1

Open Integrations

Go to your organization’s settings and select the Integrations tab.
2

Add the Snowflake connector

Click Add New Connector and select Snowflake.
3

Enter credentials

Provide the Client ID and Client Secret from the previous step.
4

Set the scope

Set the connector scope to refresh_token.
Only use the refresh_token scope. Other scopes like session:role-any or session:role:PUBLIC may cause an “invalid scope” error.
5

Save

Click Save to enable the connector.

Sign in to Snowflake

Any team member with access to the connector can sign in. Sign in from the Integrations page first to verify the connection before using it with Agent.
1

Find the Snowflake connector

Go to Integrations in Replit. Under Connectors, find Snowflake.
2

Click Sign In

Click Sign In on the Snowflake connector.
3

Enter your Snowflake Account ID

The OAuth prompt asks for your Snowflake Account ID.To find your Account ID, look at your Snowflake URL:
https://app.snowflake.com/myorg/myaccount
Take the two parts after app.snowflake.com/ and join them with a hyphen:
myorg-myaccount
The URL uses a / between the two parts, but the Account ID uses a - instead.
4

Authenticate

Snowflake redirects you to the login page. Enter your Snowflake credentials to complete the OAuth flow.

Start building with your Snowflake data

After connecting, you can use the Snowflake connector with Agent in two ways:
  • Slash command — Type /snowflake in the prompt to use the connector
  • Natural language — Ask Agent to use your Snowflake data directly
Here is an example prompt: 
Build me a dashboard using my Snowflake data. Show total revenue
by region with a bar chart, a trend line by quarter, and a table
of top 10 customers. Dark theme, clean and modern.
Agent writes and executes SQL queries against your Snowflake data and builds a working application.

Troubleshooting

Verify that the redirect URI in your Snowflake integration is exactly:
https://replit.com/connectors/oauth/callback
Any mismatch causes a 404 during the OAuth flow.
Make sure the connector scope in Replit is set to refresh_token only. Remove any other scopes like session:role-any or session:role:PUBLIC.
Verify that the Client ID and Client Secret in Replit match what Snowflake generated. Re-check by running:
Verify credentials
WITH secrets AS (
  SELECT PARSE_JSON(
    SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('REPLIT_OAUTH')
  ) as creds
)
SELECT
  creds:OAUTH_CLIENT_ID::STRING as CLIENT_ID,
  creds:OAUTH_CLIENT_SECRET::STRING as CLIENT_SECRET
FROM secrets;