SNOW-2194055: AuthServer listens on redirect URI instead of localhost during OAuth Code flow #2396

@npeshkov

Python version

Python 3.12.11 (main, Jul 1 2025, 10:08:28) [GCC 12.2.0]

Operating system and processor architecture

Linux-5.10.238-231.953.amzn2.aarch64-aarch64-with-glibc2.36

Installed packages

annotated-types==0.7.0
asn1crypto==1.5.1
boto3==1.39.3
botocore==1.39.3
certifi==2025.6.15
cffi==1.17.1
charset-normalizer==3.4.2
cryptography==45.0.5
filelock==3.18.0
greenlet==3.2.3
idna==3.10
jaraco.classes==3.4.0
jaraco.context==6.0.1
jaraco.functools==4.2.1
jeepney==0.9.0
jmespath==1.0.1
keyring==25.6.0
more-itertools==10.7.0
packaging==25.0
platformdirs==4.3.8
pycparser==2.22
pydantic==2.11.7
pydantic_core==2.33.2
PyJWT==2.10.1
pyOpenSSL==25.1.0
python-dateutil==2.9.0.post0
pytz==2025.2
requests==2.32.4
s3transfer==0.13.0
SecretStorage==3.3.3
six==1.17.0
snowflake-connector-python==3.16.0
snowflake-sqlalchemy==1.7.5
sortedcontainers==2.4.0
SQLAlchemy==2.0.41
tomlkit==0.13.3
typing-inspection==0.4.1
typing_extensions==4.14.1
urllib3==2.5.0

What did you do?

"""Connect to Snowflake from cloud IDE using OAuth and redirect URI other than localhost."""

import logging

import snowflake.connector


for logger_name in ('snowflake.connector',):
    logger = logging.getLogger(logger_name)
    logger.setLevel(logging.DEBUG)
    ch = logging.StreamHandler()
    ch.setLevel(logging.DEBUG)
    ch.setFormatter(logging.Formatter('%(asctime)s - %(threadName)s %(filename)s:%(lineno)d - %(funcName)s() - %(levelname)s - %(message)s'))
    logger.addHandler(ch)


conn = snowflake.connector.connect(
    authenticator="OAUTH_AUTHORIZATION_CODE",
    account=...,
    user=...,
    oauth_client_id=...,
    oauth_client_secret=...,
    oauth_authorization_url=...,
    oauth_token_request_url=...,
    oauth_redirect_uri="https://not_localhost.com/redirect/path/",
)

What did you expect to see?

Expectations

I expected AuthHttpServer to listen on localhost instead of the redirect URI during the OAuth flow.

Proposal

The listening socket and redirect URI should be separated; the following could work.

  • Use localhost, or e.g. SF_AUTH_SOCKET_ADDR (as suggested in #1811) with a customizable port for the AuthHttpServer.
  • Use the redirect URI for the authorisation and token requests.

Can you set logging to DEBUG and collect the logs?

2025-07-08 15:59:06,174 - MainThread config_manager.py:344 - read_config() - DEBUG - reading configuration file from /home/picnic/.snowflake/connections.toml
2025-07-08 15:59:06,174 - MainThread connection.py:493 - __init__() - INFO - Snowflake Connector for Python Version: 3.16.0, Python Version: 3.12.11, Platform: Linux-5.10.238-231.953.amzn2.aarch64-aarch64-with-glibc2.36
2025-07-08 15:59:06,175 - MainThread connection.py:870 - connect() - DEBUG - connect
2025-07-08 15:59:06,175 - MainThread connection.py:1327 - __config() - DEBUG - __config
2025-07-08 15:59:06,175 - MainThread connection.py:1410 - __config() - INFO - Connecting to GLOBAL Snowflake domain
2025-07-08 15:59:06,175 - MainThread connection.py:1530 - __config() - DEBUG - This connection is in OCSP Fail Open Mode. TLS Certificates would be checked for validity and revocation status. Any other Certificate Revocation related exceptions or OCSP Responder failures would be disregarded in favor of connectivity.
2025-07-08 15:59:06,175 - MainThread converter.py:155 - __init__() - DEBUG - use_numpy: False
2025-07-08 15:59:06,175 - MainThread connection.py:1082 - __open_connection() - DEBUG - REST API object was created: REDACTED
2025-07-08 15:59:06,175 - MainThread oauth_code.py:96 - __init__() - DEBUG - chose oauth state: **********************************************************
2025-07-08 15:59:06,175 - MainThread oauth_code.py:100 - __init__() - DEBUG - oauth pkce is going to be used
2025-07-08 15:59:06,175 - MainThread _oauth_base.py:247 - prepare() - DEBUG - authenticating with OAuth authorization code flow
2025-07-08 15:59:06,175 - MainThread oauth_code.py:119 - _request_tokens() - DEBUG - authenticating with OAuth authorization code flow
2025-07-08 15:59:06,182 - MainThread _http_server.py:106 - __init__() - WARNING - Attempt 1/15. Failed to bind authorization callback server to port 0: [Errno 99] Cannot assign requested address
2025-07-08 15:59:08,186 - MainThread _http_server.py:106 - __init__() - WARNING - Attempt 2/15. Failed to bind authorization callback server to port 0: [Errno 99] Cannot assign requested address
...
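
The separation proposed in this issue, sketched as an added example (not code from the issue author or from snowflake-connector-python): the callback listener binds to a local address, and the redirect URI appears only in the authorization request. The function names and the idea that the cloud IDE forwards the redirect URI to the local port are assumptions made for illustration.

```python
import secrets
import socket
import urllib.parse

# Hypothetical helpers for illustration; not the connector's API.


def bind_callback_socket(bind_host="127.0.0.1", bind_port=0):
    """Bind the callback listener to a local address.

    The redirect URI is deliberately not an input here.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind((bind_host, bind_port))  # port 0 = kernel picks a free port
    sock.listen(1)
    return sock


def build_authorization_url(authorization_url, client_id, redirect_uri, state):
    """Put the externally reachable redirect URI into the OAuth request only."""
    query = urllib.parse.urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"{authorization_url}?{query}"


def read_callback(sock, expected_state):
    """Accept one callback request; return the code only if state matches."""
    conn, _ = sock.accept()
    with conn:
        request_line = conn.recv(4096).decode("ascii", "replace").split("\r\n", 1)[0]
        parts = request_line.split(" ")
        target = parts[1] if len(parts) > 1 else ""
        params = urllib.parse.parse_qs(urllib.parse.urlsplit(target).query)
        state = params.get("state", [""])[0]
        code = params.get("code", [""])[0]
        # Constant-time comparison of the state echoed back by the IdP.
        ok = bool(code) and secrets.compare_digest(
            state.encode(), expected_state.encode())
        status = b"200 OK" if ok else b"400 Bad Request"
        conn.sendall(b"HTTP/1.1 " + status + b"\r\nContent-Length: 0\r\n\r\n")
    if not ok:
        raise ValueError("callback rejected: missing code or state mismatch")
    return code
```

Keeping the default bind address on loopback means the authorization code is only accepted from the local machine or from whatever forwards the redirect URI to it.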

Metadata

Labels

bug, status-triage_done (Initial triage done, will be further handled by the driver team)
