snowflakedb
diff --git a/‎DESCRIPTION.md‎
Lines changed: 1 addition & 2 deletions b/‎DESCRIPTION.md‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎src/snowflake/connector/auth/_auth.py‎ renamed to ‎src/snowflake/connector/auth.py‎
Lines changed: 55 additions & 81 deletions b/‎src/snowflake/connector/auth/_auth.py‎ renamed to ‎src/snowflake/connector/auth.py‎
Lines changed: 55 additions & 81 deletions
diff --git a/‎src/snowflake/connector/auth/__init__.py‎
Lines changed: 0 additions & 40 deletions b/‎src/snowflake/connector/auth/__init__.py‎
Lines changed: 0 additions & 40 deletions
diff --git a/‎src/snowflake/connector/auth/default.py‎
Lines changed: 0 additions & 40 deletions b/‎src/snowflake/connector/auth/default.py‎
Lines changed: 0 additions & 40 deletions
@@ -8,9 +8,8 @@ Source code is also available at: https://github.com/snowflakedb/snowflake-conne
 
 # Release Notes
 
-- v2.8.3(Unreleased)
+- v2.8.3(November 28,2022)
   - Bumped cryptography dependency from <39.0.0 to <41.0.0
-  - Fixed a bug where the permission of the file downloaded via GET command is changed
   - Fixed a bug where expired OCSP response cache caused infinite recursion during cache loading
 
 - v2.8.2(November 18,2022)
 
@@ -1,3 +1,4 @@
+#!/usr/bin/env python
 #
 # Copyright (c) 2012-2021 Snowflake Computing Inc. All rights reserved.
 #
@@ -15,7 +16,6 @@
 from os import getenv, makedirs, mkdir, path, remove, removedirs, rmdir
 from os.path import expanduser
 from threading import Lock, Thread
-from typing import TYPE_CHECKING, Any, Callable
 
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives.serialization import (
@@ -26,45 +26,44 @@
     load_pem_private_key,
 )
 
-from ..compat import IS_LINUX, IS_MACOS, IS_WINDOWS, urlencode
-from ..constants import (
-    DAY_IN_SECONDS,
+from .auth_keypair import AuthByKeyPair
+from .auth_usrpwdmfa import AuthByUsrPwdMfa
+from .compat import IS_LINUX, IS_MACOS, IS_WINDOWS, urlencode
+from .constants import (
     HTTP_HEADER_ACCEPT,
     HTTP_HEADER_CONTENT_TYPE,
     HTTP_HEADER_SERVICE_NAME,
     HTTP_HEADER_USER_AGENT,
     PARAMETER_CLIENT_REQUEST_MFA_TOKEN,
     PARAMETER_CLIENT_STORE_TEMPORARY_CREDENTIAL,
 )
-from ..description import (
+from .description import (
     COMPILER,
     IMPLEMENTATION,
     OPERATING_SYSTEM,
     PLATFORM,
     PYTHON_VERSION,
 )
-from ..errorcode import ER_FAILED_TO_CONNECT_TO_DB
-from ..errors import (
+from .errorcode import ER_FAILED_TO_CONNECT_TO_DB
+from .errors import (
     BadGatewayError,
     DatabaseError,
     Error,
     ForbiddenError,
     ProgrammingError,
     ServiceUnavailableError,
 )
-from ..network import (
+from .network import (
     ACCEPT_TYPE_APPLICATION_SNOWFLAKE,
     CONTENT_TYPE_APPLICATION_JSON,
     ID_TOKEN_INVALID_LOGIN_REQUEST_GS_CODE,
+    KEY_PAIR_AUTHENTICATOR,
     PYTHON_CONNECTOR_USER_AGENT,
     ReauthenticationRequest,
 )
-from ..options import installed_keyring, keyring
-from ..sqlstate import SQLSTATE_CONNECTION_WAS_NOT_ESTABLISHED
-from ..version import VERSION
-
-if TYPE_CHECKING:
-    from . import AuthByPlugin
+from .options import installed_keyring, keyring
+from .sqlstate import SQLSTATE_CONNECTION_WAS_NOT_ESTABLISHED
+from .version import VERSION
 
 logger = logging.getLogger(__name__)
 
@@ -154,19 +153,19 @@ def base_auth_data(
 
     def authenticate(
         self,
-        auth_instance: AuthByPlugin,
-        account: str,
-        user: str,
-        database: str | None = None,
-        schema: str | None = None,
-        warehouse: str | None = None,
-        role: str | None = None,
-        passcode: str | None = None,
-        passcode_in_password: bool = False,
-        mfa_callback: Callable[[], None] | None = None,
-        password_callback: Callable[[], str] | None = None,
-        session_parameters: dict[Any, Any] | None = None,
-        timeout: int = 120,
+        auth_instance,
+        account,
+        user,
+        database=None,
+        schema=None,
+        warehouse=None,
+        role=None,
+        passcode=None,
+        passcode_in_password=False,
+        mfa_callback=None,
+        password_callback=None,
+        session_parameters=None,
+        timeout=120,
     ) -> dict[str, str | int | bool]:
         logger.debug("authenticate")
 
@@ -243,7 +242,15 @@ def authenticate(
         # login_timeout comes from user configuration.
         # Between login timeout and auth specific
         # timeout use whichever value is smaller
-        auth_timeout = min(self._rest._connection.login_timeout, auth_instance.timeout)
+        if hasattr(auth_instance, "get_timeout"):
+            logger.debug(
+                f"Authenticator, {type(auth_instance).__name__}, implements get_timeout"
+            )
+            auth_timeout = min(
+                self._rest._connection.login_timeout, auth_instance.get_timeout()
+            )
+        else:
+            auth_timeout = self._rest._connection.login_timeout
         logger.debug(f"Timeout set to {auth_timeout}")
 
         try:
@@ -379,19 +386,15 @@ def post_request_wrapper(self, url, headers, body):
                     )
                 )
 
-            from . import AuthByKeyPair
-
-            if isinstance(auth_instance, AuthByKeyPair):
+            if type(auth_instance) is AuthByKeyPair:
                 logger.debug(
                     "JWT Token authentication failed. "
                     "Token expires at: %s. "
                     "Current Time: %s",
                     str(auth_instance._jwt_token_exp),
                     str(datetime.utcnow()),
                 )
-            from . import AuthByUsrPwdMfa
-
-            if isinstance(auth_instance, AuthByUsrPwdMfa):
+            if type(auth_instance) is AuthByUsrPwdMfa:
                 delete_temporary_credential(self._rest._host, user, MFA_TOKEN)
             Error.errorhandler_wrapper(
                 self._rest._connection,
@@ -480,33 +483,16 @@ def _read_temporary_credential(self, host, user, cred_type):
             logger.debug("OS not supported for Local Secure Storage")
         return cred
 
-    def read_temporary_credentials(
-        self,
-        host: str,
-        user: str,
-        session_parameters: dict[str, Any],
-    ) -> None:
+    def read_temporary_credentials(self, host, user, session_parameters):
         if session_parameters.get(PARAMETER_CLIENT_STORE_TEMPORARY_CREDENTIAL, False):
-            self._rest.id_token = self._read_temporary_credential(
-                host,
-                user,
-                ID_TOKEN,
-            )
+            self._rest.id_token = self._read_temporary_credential(host, user, ID_TOKEN)
 
         if session_parameters.get(PARAMETER_CLIENT_REQUEST_MFA_TOKEN, False):
             self._rest.mfa_token = self._read_temporary_credential(
-                host,
-                user,
-                MFA_TOKEN,
+                host, user, MFA_TOKEN
             )
 
-    def _write_temporary_credential(
-        self,
-        host: str,
-        user: str,
-        cred_type: str,
-        cred: str | None,
-    ) -> None:
+    def _write_temporary_credential(self, host, user, cred_type, cred):
         if not cred:
             logger.debug(
                 "no credential is given when try to store temporary credential"
@@ -536,18 +522,9 @@ def _write_temporary_credential(
         else:
             logger.debug("OS not supported for Local Secure Storage")
 
-    def write_temporary_credentials(
-        self,
-        host: str,
-        user: str,
-        session_parameters: dict[str, Any],
-        response: dict[str, Any],
-    ) -> None:
-        if (
-            self._rest._connection.auth_class.consent_cache_id_token
-            and session_parameters.get(
-                PARAMETER_CLIENT_STORE_TEMPORARY_CREDENTIAL, False
-            )
+    def write_temporary_credentials(self, host, user, session_parameters, response):
+        if self._rest._connection.consent_cache_id_token and session_parameters.get(
+            PARAMETER_CLIENT_STORE_TEMPORARY_CREDENTIAL, False
         ):
             self._write_temporary_credential(
                 host, user, ID_TOKEN, response["data"].get("idToken")
@@ -557,9 +534,10 @@ def write_temporary_credentials(
             self._write_temporary_credential(
                 host, user, MFA_TOKEN, response["data"].get("mfaToken")
             )
+        return
 
 
-def flush_temporary_credentials() -> None:
+def flush_temporary_credentials():
     """Flush temporary credentials in memory into disk. Need to hold TEMPORARY_CREDENTIAL_LOCK."""
     global TEMPORARY_CREDENTIAL
     global TEMPORARY_CREDENTIAL_FILE
@@ -588,7 +566,7 @@ def flush_temporary_credentials() -> None:
         unlock_temporary_credential_file()
 
 
-def write_temporary_credential_file(host, cred_name, cred) -> None:
+def write_temporary_credential_file(host, cred_name, cred):
     """Writes temporary credential file when OS is Linux."""
     if not CACHE_DIR:
         # no cache is enabled
@@ -603,7 +581,7 @@ def write_temporary_credential_file(host, cred_name, cred) -> None:
         flush_temporary_credentials()
 
 
-def read_temporary_credential_file() -> None:
+def read_temporary_credential_file():
     """Reads temporary credential file when OS is Linux."""
     if not CACHE_DIR:
         # no cache is enabled
@@ -638,9 +616,10 @@ def read_temporary_credential_file() -> None:
             )
         finally:
             unlock_temporary_credential_file()
+    return None
 
 
-def lock_temporary_credential_file() -> bool:
+def lock_temporary_credential_file():
     global TEMPORARY_CREDENTIAL_FILE_LOCK
     try:
         mkdir(TEMPORARY_CREDENTIAL_FILE_LOCK)
@@ -653,7 +632,7 @@ def lock_temporary_credential_file() -> bool:
         return False
 
 
-def unlock_temporary_credential_file() -> bool:
+def unlock_temporary_credential_file():
     global TEMPORARY_CREDENTIAL_FILE_LOCK
     try:
         rmdir(TEMPORARY_CREDENTIAL_FILE_LOCK)
@@ -730,13 +709,10 @@ def get_token_from_private_key(
         format=PrivateFormat.PKCS8,
         encryption_algorithm=NoEncryption(),
     )
-    from . import AuthByKeyPair
-
-    auth_instance = AuthByKeyPair(
-        private_key,
-        DAY_IN_SECONDS,
-    )  # token valid for 24 hours
-    return auth_instance.prepare(account=account, user=user)
+    auth_instance = AuthByKeyPair(private_key, 1440 * 60)  # token valid for 24 hours
+    return auth_instance.authenticate(
+        KEY_PAIR_AUTHENTICATOR, None, account, user, key_password
+    )
 
 
 def get_public_key_fingerprint(private_key_file: str, password: str) -> str:
@@ -753,6 +729,4 @@ def get_public_key_fingerprint(private_key_file: str, password: str) -> str:
     private_key = load_der_private_key(
         data=private_key, password=None, backend=default_backend()
     )
-    from . import AuthByKeyPair
-
     return AuthByKeyPair.calculate_public_key_fingerprint(private_key)