Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SNOW-1272506: AcquireTokenByUsernamePassword failing to get OAuth token for Snowflake #898

Closed
A137722 opened this issue Mar 26, 2024 · 4 comments
Assignees
Labels
status-information_needed Additional information is required from the reporter status-triage_done Initial triage done, will be further handled by the driver team

Comments

@A137722
Copy link

A137722 commented Mar 26, 2024

Please answer these questions before submitting your issue.
In order to accurately debug the issue this information is required. Thanks!

  1. What version of .NET driver are you using?
    Snowflake.Data (2.1.0)

  2. What operating system and processor architecture are you using?
    Windows 10

  3. What version of .NET framework are you using?
    .net8

  4. What did you do?
    Attempted to get an OAuth token for accessing Snowflake after upgrading projects to .net8

  5. What did you expect to see?

After updating application to .net8, package Microsoft.Identity.Client was also updated to 4.59.0. Since then, I'm unable to get an OAuth token calling AcquireTokenByUsernamePassword. This worked prior with version 4.47.0

oAuthResult = await app.AcquireTokenByUsernamePassword(scopes, $"{FunctionalID}@progressive.com", encodedSecret)
.ExecuteAsync(CancellationToken.None);

Throws the following:
System.Net.Http.HttpRequestException: 'The SSL connection could not be established, see inner exception.'
Inner exception: AuthenticationException: Cannot determine the frame size or a corrupted frame was received.

  1. Can you set logging to DEBUG and collect the logs?

    https://community.snowflake.com/s/article/How-to-generate-log-file-on-Snowflake-connectors

    There is an example in READMD.md file showing you how to enable logging.

  2. What is your Snowflake account identifier, if any? (Optional)

@A137722 A137722 added the bug label Mar 26, 2024
@github-actions github-actions bot changed the title AcquireTokenByUsernamePassword failing to get OAuth token for Snowflake SNOW-1272506: AcquireTokenByUsernamePassword failing to get OAuth token for Snowflake Mar 26, 2024
@sfc-gh-dszmolka sfc-gh-dszmolka self-assigned this Mar 27, 2024
@sfc-gh-dszmolka sfc-gh-dszmolka added status-triage Issue is under initial triage and removed bug labels Mar 27, 2024
@sfc-gh-dszmolka
Copy link
Contributor

hi and thank you for raising this with us! taking a look

@sfc-gh-dszmolka
Copy link
Contributor

I'll need to set up some infrastructure for this (IdP + configure OAuth) so might take a while.
In the meantime, since the issue seems to be closely related to Microsoft.Identity.Client version change; do you think it would be possible to collect debug level logs from the issue happening ?

I really would prefer to make sure the issue actually comes from a software managed by Snowflake, and not anywhere else.
Thank you in advance !

@sfc-gh-dszmolka sfc-gh-dszmolka added the status-information_needed Additional information is required from the reporter label Mar 28, 2024
@sfc-gh-dszmolka
Copy link
Contributor

had a bit of time to set up the infrastructure, test it, and think a bit about it. Oauth token comes from the IDP.
So if a version change in Microsoft.Identity.Client breaks the interaction with your IDP, then maybe this should be the direction to focus on.

Is Snowflake your OAuth IDP ? Like in this configuration: https://docs.snowflake.com/en/user-guide/oauth-snowflake-overview. If so, could you please provide a reproduction code which when run, contacts Snowflake and retrieves the OAuth token? (or, retrieved, with the older Microsoft.Identity.Client version). Please make sure to sanitize any account-specific details.

If Snowflake is not your IDP and you're using the External OAuth setup, then the next phase need to focus on the Microsoft library vs. the non-Snowflake managed IDP.

@sfc-gh-dszmolka
Copy link
Contributor

closing this issue due to inactivity; as suggested please continue debugging this with your IDP (except if you use Snowflake OAuth and we're your IDP, in this case please do comment and we can look further)

@sfc-gh-dszmolka sfc-gh-dszmolka added status-triage_done Initial triage done, will be further handled by the driver team and removed status-triage Issue is under initial triage labels Apr 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
status-information_needed Additional information is required from the reporter status-triage_done Initial triage done, will be further handled by the driver team
Projects
None yet
Development

No branches or pull requests

2 participants