Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SNOW-1346563: Authorization issue (Method not found: Void Microsoft.IdentityModel.Tokens.InternalValidators.ValidateLifetimeAndIssuerAfterSignatureNotValidatedSaml) #932

Closed
raffi1965 opened this issue Apr 25, 2024 · 7 comments
Assignees
Labels
question Issue is a usage/other question rather than a bug status-triage_done Initial triage done, will be further handled by the driver team wontfix

Comments

@raffi1965
Copy link

raffi1965 commented Apr 25, 2024

1.Used: core 6.0
2. OS: windows 10

I add Snowflaka.Data v3.1.0 to project
Run project and try to authenticate to Azure via B2B
It throws exception
MissingMethodException: Method not found: 'Void Microsoft.IdentityModel.Tokens.InternalValidators.ValidateLifetimeAndIssuerAfterSignatureNotValidatedSaml(Microsoft.IdentityModel.Tokens.SecurityToken, System.Nullable1<System.DateTime>, System.Nullable1<System.DateTime>, System.String, Microsoft.IdentityModel.Tokens.TokenValidationParameters, System.Text.StringBuilder)'.

@raffi1965 raffi1965 added the bug label Apr 25, 2024
@github-actions github-actions bot changed the title Authorization issue SNOW-1346563: Authorization issue Apr 25, 2024
@sfc-gh-dszmolka sfc-gh-dszmolka self-assigned this Apr 26, 2024
@sfc-gh-dszmolka sfc-gh-dszmolka added the status-triage Issue is under initial triage label Apr 26, 2024
@sfc-gh-dszmolka
Copy link
Contributor

sfc-gh-dszmolka commented Apr 26, 2024

hi and thanks for raising this issue. The stack snippet you included does not seem to come from Snowflake so I'm wondering how is this issue originating or caused by the Snowflake .NET driver.

Can you please provide a runnable reproduction with environment setup so we could reproduce the same issue ?

In the meantime I did a quick search and although it's a different type of token, AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#1792 looks very similar to the issue you're seeing.
Can you try the workarounds discussed in the above issue, for example:

  • downgrading to 6.10.10 / 6.14.1
  • making sure all the other related Microsoft.IdentityModel.* packages ar at the same version as Microsoft.IdentityModel.Tokens
  • adding Microsoft.IdentityModel.Protocols.OpenIdConnect to your project
  • and the rest of the workarounds discussed in the issue

If you think this issue is coming from Snowflake, happy to investigate further but I would kindly require you to provide a reproduction and details . Thank you in advance !

@sfc-gh-dszmolka sfc-gh-dszmolka added status-information_needed Additional information is required from the reporter question Issue is a usage/other question rather than a bug and removed bug labels Apr 26, 2024
@raffi1965
Copy link
Author

Reproduction step:

  1. create .net core web api project (v6.0)

  2. register application instance in Azure AD

  3. apply authentication for the registered instance
    image

  4. run application from VS - it should be successfull

  5. add Snowflaka.Data nuget to the project

  6. run project - it should fail with the exception

@sfc-gh-dszmolka sfc-gh-dszmolka added status-triage Issue is under initial triage and removed status-triage Issue is under initial triage status-information_needed Additional information is required from the reporter labels Apr 26, 2024
@sfc-gh-dszmolka
Copy link
Contributor

sfc-gh-dszmolka commented Apr 26, 2024

Thank you! Checked the repro you sent but apparently it needs considerable setup and an Azure subscription too, so will not be trivial to set up and might take some time. Thus in parallel, checked what else we can do here.

So dependency Microsoft.IdentityModel.Tokens is a transitive dependency for Snowflake.Data, and seems to come from direct dependency System.IdentityModel.Tokens.Jwt 6.34.0 .

That does not mean the issue is coming from Snowflake, though.

To confirm you're hitting the issue (or similar issue) which I linked above, could you please, in your repro

  1. instead of Snowflake.Data 3.1.0, add Snowflake.Data 2.1.5 - checked and this was the last version which seems to still have used <6.15 version of Microsoft.IdentityModel.Tokens
  2. retest

If it works now, it is likely due to the issue related to the linked issue, and hopefully the workarounds listed on the linked Microsoft issue help you tackling the problem in the newer version of transitive dependency Microsoft.IdentityModel.Tokens too.

@sfc-gh-dszmolka sfc-gh-dszmolka changed the title SNOW-1346563: Authorization issue SNOW-1346563: Authorization issue (Method not found: Void Microsoft.IdentityModel.Tokens.InternalValidators.ValidateLifetimeAndIssuerAfterSignatureNotValidatedSaml) Apr 26, 2024
@raffi1965
Copy link
Author

raffi1965 commented Apr 26, 2024

downgrade to Snowflake.Data 2.1.5 throws the same exception
Really huge blocker to utilize Snowflake.Data

image

image

@sfc-gh-dszmolka
Copy link
Contributor

thank you for testing - can you please try the workarounds in the linked Microsoft issue ? The problem does not come from the Snowflake library based on the information I got so far. Another search in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet points to a possible solution which is already mentioned in the workarounds in the linked issue (all Microsoft.IdentityModel installed need to be on the same version)

If it doesn't work either (installing the same Microsoft.IdentityModel version for each installed Microsoft.IdentityModel.* module), and you tried all of the workarounds mentioned in the linked Microsoft issue, I suggest raising this in the repo mentioned in this comment.

@sfc-gh-dszmolka sfc-gh-dszmolka added status-triage_done Initial triage done, will be further handled by the driver team and removed status-triage Issue is under initial triage labels Apr 26, 2024
@raffi1965
Copy link
Author

I didn't quite get you: Snowflake.Data doesnt have dependency on Microsoft.Identity.Model
It depends on System.IdentityModel.Tokens.Jwt

image

@sfc-gh-dszmolka
Copy link
Contributor

indeed Snowflake.Data does not have a direct dependency on Microsoft.Identity.Model, that's why I mentioned that Microsoft.Identity.Model is a transitive dependency.

Look at `obj/project.assets.json' in your project , it's the simplest way to see the dependencies (there are others).

      "Snowflake.Data/3.1.0": {
        "type": "package",
        "dependencies": {
          "AWSSDK.S3": "3.7.0.4",
          "Apache.Arrow": "14.0.2",
          "Azure.Storage.Blobs": "12.13.0",
          "Azure.Storage.Common": "12.12.0",
          "BouncyCastle.Cryptography": "2.2.1",
          "Google.Cloud.Storage.V1": "4.6.0",
          "Mono.Unix": "7.1.0-final.1.21458.1",
          "Newtonsoft.Json": "13.0.3",
>>>       "System.IdentityModel.Tokens.Jwt": "6.34.0",
          "System.Text.RegularExpressions": "4.3.1",
          "log4net": "2.0.12"
        },

dependency of Snowflake.Data. However, dependencies can have their own dependencies to work correctly and those have to be installed too. So for System.IdentityModel.Tokens.Jwt:

      "System.IdentityModel.Tokens.Jwt/6.34.0": {
        "type": "package",
        "dependencies": {
          "Microsoft.IdentityModel.JsonWebTokens": "6.34.0",
>>>       "Microsoft.IdentityModel.Tokens": "6.34.0"

and so on.

I'm now closing this issue as it does not seem like something originating from Snowflake; rather Microsoft.IdentityModel.Tokens and/or other Microsoft.IdentityModel.* libraries as explained above.

For a solution, please try the workarounds from the linked issue and if none of them work, please file an Issue directly with the repository mentioned above.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
question Issue is a usage/other question rather than a bug status-triage_done Initial triage done, will be further handled by the driver team wontfix
Projects
None yet
Development

No branches or pull requests

2 participants