Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SNOW-1899674: [Question] OAuth Client Credentials Flow support through the JDBC Driver #2050

Open
scottmcgowan24 opened this issue Jan 27, 2025 · 3 comments
Open

SNOW-1899674: [Question] OAuth Client Credentials Flow support through the JDBC Driver #2050

scottmcgowan24 opened this issue Jan 27, 2025 · 3 comments
Assignees
@sfc-gh-snow-drivers-warsaw-dl
Labels
enhancement The issue is a request for improvement or a new feature status-triage_done Initial triage done, will be further handled by the driver team

Comments

@scottmcgowan24
Copy link

scottmcgowan24 commented Jan 27, 2025
edited
Loading

What is the current behavior?

I see in the driver documentation that there is support around OAuth2.0 support where you can pass in parameters such as a token to use OAuth2.0 when connecting to your Snowflake Instance, even with an external Auth Server such as Okta or PowerBI. I have been trying to get Client Credentials Flow working with the JDBC driver by passing in the Auth Token retrieved from the Auth server I have set up and am getting a 404 error when connecting since it attempts to redirect to the /session/v1/login-request endpoint. This behavior doesn't make sense for Client Credentials flow since there is no manual login so I was confused seeing this.

After trying to debug and looking into the code of the driver I see that you all have created a branch for oauth-code-flow which looks to be adding support for Client Credentials Flow: https://github.com/snowflakedb/snowflake-jdbc/tree/oauth-code-flow

This is less of an issue and more of a question, but I'd just like to confirm that the current JDBC Driver does not support Client Credentials Flow and that this authentication mechanism will become available when https://github.com/snowflakedb/snowflake-jdbc/tree/oauth-code-flow is merged into master?

What is the desired behavior?

Usage of Client Credentials Flow for OAuth2.0 via the Snowflake JDBC driver.

How would this improve snowflake-jdbc?

It would drastically improve the quality of life for people needing to use OAuth2.0 for security purposes in an automated system.

References, Other Background

N/A
@github-actions github-actions bot changed the title [Question] OAuth Client Credentials Flow support through the JDBC Driver SNOW-1899674: [Question] OAuth Client Credentials Flow support through the JDBC Driver Jan 27, 2025
@sfc-gh-dszmolka sfc-gh-dszmolka self-assigned this Jan 30, 2025
@sfc-gh-dszmolka sfc-gh-dszmolka added status-triage Issue is under initial triage and removed feature labels Jan 30, 2025
@sfc-gh-dszmolka
Copy link
Contributor

hi - thanks for raising this issue with us.

  1. can confirm Client Credentials Flow is not supported yet (with drivers, at least..)
  2. looking at the feature branch, it indeed seems to implement PAT + OAuth Authorization Code + OAuth Client Credentials support, but confirming with the team and will update here

@sfc-gh-dszmolka
Copy link
Contributor

thank you all who is interested, got to know the following information

  • indeed the feature branch will implement Client Credentials Flow (with external IdP), and Authorization Code Flow (with external IdP , also with Snowflake as the IdP)
  • initially, we intend to launch a test phase with a pre-selected number of customers
  • around April 2025, we expect to make the feature available to everyone

Thank you again for your interest and also bearing with us while this is tested and made available in a wider circle!
Leaving this issue open so any updates could be easily relayed if there's anything.

@sfc-gh-dszmolka sfc-gh-dszmolka added enhancement The issue is a request for improvement or a new feature status-triage_done Initial triage done, will be further handled by the driver team and removed status-triage Issue is under initial triage labels Jan 30, 2025
@scottmcgowan24
Copy link
Author

Thank you for the fast response @sfc-gh-dszmolka ! I look forward to this behavior being released 🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sfc-gh-snow-drivers-warsaw-dl sfc-gh-snow-drivers-warsaw-dl

Labels
enhancement The issue is a request for improvement or a new feature status-triage_done Initial triage done, will be further handled by the driver team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@scottmcgowan24 @sfc-gh-dszmolka @sfc-gh-snow-drivers-warsaw-dl