External OAuth security integrations: EXTERNAL_OAUTH_JWS_KEYS_URL parameter requires HTTPS (Preview)¶

Attention

This behavior change is in the 2026_02 bundle.

For the current status of the bundle, refer to Bundle history.

The EXTERNAL_OAUTH_JWS_KEYS_URL parameter of an External OAuth security integration specifies the endpoint from which Snowflake retrieves public keys to validate OAuth access tokens. This behavior change strengthens security by ensuring that public keys used to validate OAuth access tokens are always retrieved over an encrypted connection.

Before the change:: The EXTERNAL_OAUTH_JWS_KEYS_URL parameter accepts both HTTP and HTTPS URLs. HTTP transmits data in plain text, which means the keys retrieved over HTTP are vulnerable to interception and man-in-the-middle attacks.
After the change:: The EXTERNAL_OAUTH_JWS_KEYS_URL parameter requires an HTTPS URL. HTTPS encrypts data in transit using TLS, which protects against attacks. HTTP URLs are no longer accepted.

Ref: 2218