snowflakedb / gosnowflake

Go Snowflake Driver
Apache License 2.0

SNOW-675319: Support JWT authentication by passing in a valid JWT token directly in the DSN #671

Open mihaitodor opened 1 year ago

mihaitodor commented 1 year ago

Issue description

Currently, I can use the following DSN: <snowflake_user>@<snowflake_account>/<db_name>/<schema_name>?warehouse=<warehouse>&role=<role>&authenticator=snowflake_jwt&privateKey=<base64_url_encoded_private_key>.

However, it's not a good security practice to embed the private key into the DSN, so I'd rather pass in a generated JWT like so: <snowflake_user>@<snowflake_account>/<db_name>/<schema_name>?warehouse=<warehouse>&role=<role>&authenticator=snowflake_jwt&token=<jwt_token>. Unfortunately, this doesn't work, because the current implementation expects to derive the JWT token from the private key here. It also panics if the privateKey parameter isn't set, but that should yield a validation error instead...

It would be great to allow users to pass in a JWT token directly as an alternative to privateKey when authenticator=snowflake_jwt.

Example code

N/A

Error log

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x1022b4e78]

goroutine 10 [running]:
crypto/rsa.(*PrivateKey).Public(...)
        /usr/local/Cellar/go/1.19.2/libexec/src/crypto/rsa/rsa.go:113
github.com/snowflakedb/gosnowflake.prepareJWTToken(0xc000fd6820)
        /Users/ntodor/Projects/go/pkg/mod/github.com/snowflakedb/gosnowflake@v1.6.13/auth.go:391 +0x38
github.com/snowflakedb/gosnowflake.authenticate({0x103935508, 0xc000196010}, 0xc000bee3c0, {0x0, 0x0, 0x10cb5b608?}, {0x0, 0x0, 0x103937d48?})
        /Users/ntodor/Projects/go/pkg/mod/github.com/snowflakedb/gosnowflake@v1.6.13/auth.go:308 +0x8f4
github.com/snowflakedb/gosnowflake.authenticateWithConfig(0xc000bee3c0)
        /Users/ntodor/Projects/go/pkg/mod/github.com/snowflakedb/gosnowflake@v1.6.13/auth.go:453 +0x345
github.com/snowflakedb/gosnowflake.SnowflakeDriver.OpenWithConfig({}, {_, _}, {{0xc0007d0018, 0x9}, {0xc000f0e018, 0x15}, {0x0, 0x0}, {0xc0007d0049, ...}, ...})
        /Users/ntodor/Projects/go/pkg/mod/github.com/snowflakedb/gosnowflake@v1.6.13/driver.go:40 +0x105
github.com/snowflakedb/gosnowflake.SnowflakeDriver.Open({}, {0xc0007d0000, 0x327})
        /Users/ntodor/Projects/go/pkg/mod/github.com/snowflakedb/gosnowflake@v1.6.13/driver.go:23 +0x133
database/sql.dsnConnector.Connect(...)
        /usr/local/Cellar/go/1.19.2/libexec/src/database/sql/sql.go:759
database/sql.(*DB).conn(0xc000560820, {0x103935508, 0xc000196008}, 0x1)
        /usr/local/Cellar/go/1.19.2/libexec/src/database/sql/sql.go:1393 +0x763
database/sql.(*DB).query(0x102b99360?, {0x103935508, 0xc000196008}, {0xc000bda2a0, 0x29}, {0x0, 0x0, 0x0}, 0x0?)
        /usr/local/Cellar/go/1.19.2/libexec/src/database/sql/sql.go:1730 +0x5d
database/sql.(*DB).QueryContext(0x0?, {0x103935508, 0xc000196008}, {0xc000bda2a0, 0x29}, {0x0, 0x0, 0x0})
        /usr/local/Cellar/go/1.19.2/libexec/src/database/sql/sql.go:1708 +0xda
database/sql.(*DB).Query(0xc0002328c0?, {0xc000bda2a0?, 0x10ccc81f8?}, {0x0?, 0x0?, 0x0?})
        /usr/local/Cellar/go/1.19.2/libexec/src/database/sql/sql.go:1726 +0x45

Configuration

Driver version (or git SHA): v1.6.13

Go version: go1.19.2 darwin/amd64

Server version: 6.32.3

Client OS: OSX Monterey 12.6
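
The validation the issue asks for, as an added example that is not part of the original post and not gosnowflake code: the DSN parameters are checked before any crypto call, so a missing or malformed privateKey yields an error instead of the nil pointer dereference in the log above. The names privateKeyFromParams, sampleParams and ErrMissingPrivateKey are hypothetical, and the key is assumed to be URL-safe base64 of a PKCS#8 RSA key.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
)

var ErrMissingPrivateKey = errors.New("authenticator=snowflake_jwt requires privateKey") // hypothetical name

// privateKeyFromParams validates the DSN query string and never returns a nil
// key without an error. Errors do not echo the value, so key material stays out of logs.
func privateKeyFromParams(query string) (*rsa.PrivateKey, error) {
	params, err := url.ParseQuery(query)
	if err != nil {
		return nil, errors.New("malformed DSN parameters")
	}
	if params.Get("privateKey") == "" {
		return nil, ErrMissingPrivateKey
	}
	der, err := base64.URLEncoding.DecodeString(params.Get("privateKey"))
	if err != nil {
		return nil, errors.New("privateKey is not valid URL-safe base64")
	}
	parsed, err := x509.ParsePKCS8PrivateKey(der)
	key, ok := parsed.(*rsa.PrivateKey) // ok is false when parsing failed
	if err != nil || !ok {
		return nil, errors.New("privateKey is not a PKCS#8 RSA key")
	}
	return key, nil
}

// sampleParams builds a constructed DSN query string around a throwaway key.
func sampleParams() (string, *rsa.PrivateKey) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	der, _ := x509.MarshalPKCS8PrivateKey(key)
	v := url.Values{"authenticator": {"snowflake_jwt"}, "privateKey": {base64.URLEncoding.EncodeToString(der)}}
	return v.Encode(), key
}

func main() {
	query, _ := sampleParams()
	_, err := privateKeyFromParams(query)
	_, errMissing := privateKeyFromParams("warehouse=wh&authenticator=snowflake_jwt")
	fmt.Println(err, errMissing)
}
```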

sfc-gh-dszmolka commented 1 year ago

Thank you for raising this enhancement request with us - we'll consider adding the capability, but I cannot commit to any estimated timelines. Thank you for bearing with us!