SNOW-1825621 refresh token implementation and OAuth token cache #2162
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sfc-gh-mkeller
force-pushed
the
mkeller/SNOW-1825621/refresh-token-token-cache
branch
from
7f15277 to
7a861c1
Compare
sfc-gh-mkeller
changed the base branch from
main
to
mkeller/SNOW-1825621/pkce-support
| ), | ||
| "oauth_security_features": ( | ||
| ("pkce",), | ||
| ("pkce", "refresh_token"), |
Contributor
There was a problem hiding this comment.
we should omit refresh_token from the default, since the default oauth integration will not have refresh tokens enabled unless the admin turns them on explicitly
| logger.info( | ||
| "oauth refresh token is available, going to try consuming it to recover" | ||
| ) | ||
| self._consume_refresh_token(conn=conn) |
Contributor
There was a problem hiding this comment.
we only need to use the refresh token after the access token has expired, in order to create a new session without reprompting for credentials
Co-authored-by: Michał Hofman <[email protected]>
Co-authored-by: Mark Keller <[email protected]> Co-authored-by: Michał Hofman <[email protected]>
…25621/refresh-token-token-cache
Base automatically changed from
mkeller/SNOW-1825621/pkce-support
to
mkeller/SNOW-1825621/oauth-code-flow-support
March 4, 2025 15:04
…ler/SNOW-1825621/refresh-token-token-cache
sfc-gh-mmishchenko
force-pushed
the
mkeller/SNOW-1825621/oauth-code-flow-support
branch
2 times, most recently
from
f4d206c to
dafeb5b
Compare
sfc-gh-mmishchenko
force-pushed
the
mkeller/SNOW-1825621/oauth-code-flow-support
branch
from
e920d82 to
984246e
Compare
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Please answer these questions before submitting your pull requests. Thanks!
What GitHub issue is this PR addressing? Make sure that there is an accompanying issue to your PR.
Fixes SNOW-1825621
Fill out the following pre-review checklist:
Please describe how your code solves the related issue.
The last piece of the new OAuth code flow implementation.
The PR builds on top of SNOW-1825621 OAuth code flow PKCE support #2137 and SNOW-1825495 OAuth flows implementation #2135, so those should be merged before this one is reviewed.
I've added support for refresh token consumption and tested it. Unfortunately this is kind of useless until we introduce a OAUTH token cache, so that needs adding still.
(Optional) PR for stored-proc connector: