SNOW-715524: Add SSO token cache #921

Open
wants to merge 110 commits into
base: master

sfc-gh-ext-simba-lf
Collaborator

Description

Add SSO token cache

Checklist

  • Code compiles correctly
  • Code is formatted according to Coding Conventions
  • Created tests which fail without the change (if possible)
  • All tests passing (dotnet test)
  • Extended the README / documentation, if necessary
  • Provide JIRA issue id (if possible) or GitHub issue id in PR name


codecov bot commented Apr 18, 2024

Codecov Report

Attention: Patch coverage is 87.11656% with 21 lines in your changes missing coverage. Please review.

Project coverage is 87.49%. Comparing base (444a2c1) to head (b4fdf7e).

Files with missing lines Patch % Lines
Snowflake.Data/Core/Tools/BrowserOperations.cs 5.55% 17 Missing ⚠️
...Core/Authenticator/ExternalBrowserAuthenticator.cs 97.08% 3 Missing ⚠️
Snowflake.Data/Core/Session/SFSession.cs 96.00% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##           master     #921      +/-   ##
==========================================
+ Coverage   86.23%   87.49%   +1.25%     
==========================================
  Files         132      133       +1     
  Lines       12664    12721      +57     
  Branches     1299     1305       +6     
==========================================
+ Hits        10921    11130     +209     
+ Misses       1417     1267     -150     
+ Partials      326      324       -2     


@sfc-gh-ext-simba-lf sfc-gh-ext-simba-lf marked this pull request as ready for review April 20, 2024 00:42
@sfc-gh-ext-simba-lf sfc-gh-ext-simba-lf requested a review from a team as a code owner April 20, 2024 00:42
@rafael-sotelo

Any updates on this PR? Can I help? I've been waiting for this SSO Token Cache for a long time.

@sfc-gh-ext-simba-lf
Collaborator Author

> Any updates on this PR? Can I help? I've been waiting for this SSO Token Cache for a long time.

Currently we're trying out different libraries/packages for the credential manager. Then it'll be reviewed if it meets the security requirements.


namespace Snowflake.Data.Client
{
public class SnowflakeCredentialManagerNativeImpl : ISnowflakeCredentialManager
Collaborator

You could move all the implementations into subpackage Infrastructure

Collaborator Author

Done

sfc-gh-ext-simba-lf and others added 26 commits July 9, 2024 09:35
…nector-net into SNOW-715524-SSO-Token-Cache

# Conflicts:
#	Snowflake.Data.Tests/UnitTests/SFSessionPropertyTest.cs
…nector-net into SNOW-715524-SSO-Token-Cache

# Conflicts:
#	Snowflake.Data.Tests/IntegrationTests/SFConnectionIT.cs
…nector-net into SNOW-715524-SSO-Token-Cache

# Conflicts:
#	Snowflake.Data/Core/SFError.cs
…nector-net into SNOW-715524-SSO-Token-Cache

# Conflicts:
#	Snowflake.Data.Tests/IntegrationTests/SFConnectionIT.cs
#	Snowflake.Data.Tests/UnitTests/SFSessionPropertyTest.cs
#	Snowflake.Data/Core/Authenticator/ExternalBrowserAuthenticator.cs
#	Snowflake.Data/Core/CredentialManager/Infrastructure/SFCredentialManagerFileImpl.cs
#	Snowflake.Data/Core/CredentialManager/Infrastructure/SFCredentialManagerInMemoryImpl.cs
#	Snowflake.Data/Core/CredentialManager/Infrastructure/SFCredentialManagerWindowsNativeImpl.cs
#	Snowflake.Data/Core/RestResponse.cs
#	Snowflake.Data/Core/SFError.cs
#	Snowflake.Data/Core/Session/SFSession.cs
#	Snowflake.Data/Core/Session/SFSessionParameter.cs
#	Snowflake.Data/Core/Session/SFSessionProperty.cs
#	Snowflake.Data/Core/Tools/FileOperations.cs
#	Snowflake.Data/Core/Tools/UnixOperations.cs
#	doc/Connecting.md

int localPort = GetRandomUnusedPort();
using (var httpListener = GetHttpListener(localPort))
var idToken = new NetworkCredential(string.Empty, session._idToken).Password;
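
Review bot: the last line, `new NetworkCredential(string.Empty, session._idToken).Password`, turns the ID token into an ordinary managed string; if `_idToken` is a SecureString, as this round-trip suggests, that plaintext copy cannot be zeroed and stays on the heap until it is collected. Keep the decoded value in the narrowest scope possible, never pass it to a logger, and do the conversion through one shared helper so every place the token is decoded is easy to audit.
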
Collaborator

you could use SecureStringHelper.Decode()

Collaborator Author

Done

data.Token = _samlResponseToken;
data.ProofKey = _proofKey;
SetSecondaryAuthenticationData(ref data);
var idToken = new NetworkCredential(string.Empty, session._idToken).Password;
Collaborator

you could use SecureStringHelper.Decode()

Collaborator Author

Done

else
{
data.Token = idToken;
data.Authenticator = TokenType.IdToken.GetAttribute<StringAttr>().value;
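
Review bot: in the else branch, `data.Authenticator` is set from `TokenType.IdToken` with no comment saying why the authenticator value changes when `idToken` is supplied as `data.Token`; a one-line comment here would answer that for the next reader. A test that exercises this branch when the server rejects the supplied token would also be worth adding.
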
Collaborator

it will be id_token not externalbrowser?

Collaborator Author

Yes, it's for the server response to contain an ID token

It's similar to how other connectors handle it: https://github.com/snowflakedb/snowflake-connector-nodejs/blob/9cae04323ef4f76d91342e80cfef39952fe652c3/lib/authentication/auth_idtoken.js#L28

}
s_logger.Info("Unable to get credentials for the specified key");
return "";
s_logger.Debug($"Getting credentials from memory for key: {key}");
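
Review bot: the `s_logger.Debug(...)` line interpolates `{key}` into the log message; confirm the key is built only from non-secret parts, or log a hashed or truncated form instead, since debug logs are often collected and shared outside the host.
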
Collaborator

this extra tab is not needed

Collaborator Author

Sorry, I'm not able to see an extra tab. I checked with the formatter and it doesn't find anything either

@@ -12,7 +12,6 @@

namespace Snowflake.Data.Core.CredentialManager.Infrastructure
{
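
Review bot: the `-12,7 +12,6` header shows one line dropped next to the namespace opening, and only the namespace declaration and its brace are visible, so this looks like a whitespace-only edit unrelated to the token cache. Leave the file untouched so the diff stays limited to the feature.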

Collaborator

I would revert this change

Collaborator Author

Reverted

4 participants