Incoming Request Blocked During Snowflake OAuth Setup

Incoming Request Blocked

You may see the message "Incoming request blocked" when setting up Snowflake OAuth with Coalesce. The error appears after OAuth authentication succeeds but before the connection is established.

Description

This error occurs when Coalesce’s IP addresses are not added to the account-level network policy in Snowflake. While OAuth authentication completes successfully, the connection test fails because the JavaScript driver requires account-level access.

Common Symptoms

You may see the following sequence of messages in Coalesce:

• OAuth authentication confirmed! Testing connection...
• Error establishing OAuth connection

In Snowflake login history, this error appears as:

• Error code: 390422
• Message: INCOMING_REQUEST_BLOCKED

Possible Causes

• Required Coalesce IP addresses are missing from the account-level network policy.
• IP addresses were added only to a user-level network policy, which the JavaScript driver does not use.

Possible Solutions

1. Get the list of required IP addresses from the Network Requirements documentation.

2. You can either create the policy using Snowsight or SQL.

   1. Snowsight: Go to Governance & security > Network policies.
   2. SQL:

   GRANT USAGE ON DATABASE securitydb TO ROLE network_admin;
   GRANT USAGE ON SCHEMA securitydb.myrules TO ROLE network_admin;
   GRANT CREATE NETWORK RULE ON SCHEMA securitydb.myrules TO ROLE network_admin;
   USE ROLE network_admin;
   
   CREATE NETWORK RULE cloud_network TYPE = IPV4 VALUE_LIST = ('11.11.11.11/11');

info

The IP address must be added at the account level. User-level policy won’t fix this error.

---

What's Next?

• Troubleshooting IP Address Access Issues
• Controlling network traffic with network policies

---