search

snowflakedb / snowflake-connector-net

Snowflake Connector for .NET
Apache License 2.0
177 stars 135 forks source link

SNOW-1272506: AcquireTokenByUsernamePassword failing to get OAuth token for Snowflake #898

Closed A137722 closed 5 months ago

A137722 commented 6 months ago

Please answer these questions before submitting your issue. In order to accurately debug the issue this information is required. Thanks!

  1. What version of .NET driver are you using? Snowflake.Data (2.1.0)

  2. What operating system and processor architecture are you using? Windows 10

  3. What version of .NET framework are you using? .net8

  4. What did you do? Attempted to get an OAuth token for accessing Snowflake after upgrading projects to .net8

  5. What did you expect to see?

After updating application to .net8, package Microsoft.Identity.Client was also updated to 4.59.0. Since then, I'm unable to get an OAuth token calling AcquireTokenByUsernamePassword. This worked prior with version 4.47.0

oAuthResult = await app.AcquireTokenByUsernamePassword(scopes, $"{FunctionalID}@progressive.com", encodedSecret) .ExecuteAsync(CancellationToken.None);

Throws the following: System.Net.Http.HttpRequestException: 'The SSL connection could not be established, see inner exception.' Inner exception: AuthenticationException: Cannot determine the frame size or a corrupted frame was received.

  1. Can you set logging to DEBUG and collect the logs?

    https://community.snowflake.com/s/article/How-to-generate-log-file-on-Snowflake-connectors

    There is an example in READMD.md file showing you how to enable logging.

  2. What is your Snowflake account identifier, if any? (Optional)
sfc-gh-dszmolka commented 6 months ago

hi and thank you for raising this with us! taking a look

sfc-gh-dszmolka commented 6 months ago

I'll need to set up some infrastructure for this (IdP + configure OAuth) so might take a while. In the meantime, since the issue seems to be closely related to Microsoft.Identity.Client version change; do you think it would be possible to collect debug level logs from the issue happening ?

I really would prefer to make sure the issue actually comes from a software managed by Snowflake, and not anywhere else. Thank you in advance !

sfc-gh-dszmolka commented 5 months ago

had a bit of time to set up the infrastructure, test it, and think a bit about it. Oauth token comes from the IDP. So if a version change in Microsoft.Identity.Client breaks the interaction with your IDP, then maybe this should be the direction to focus on.

Is Snowflake your OAuth IDP ? Like in this configuration: https://docs.snowflake.com/en/user-guide/oauth-snowflake-overview. If so, could you please provide a reproduction code which when run, contacts Snowflake and retrieves the OAuth token? (or, retrieved, with the older Microsoft.Identity.Client version). Please make sure to sanitize any account-specific details.

If Snowflake is not your IDP and you're using the External OAuth setup, then the next phase need to focus on the Microsoft library vs. the non-Snowflake managed IDP.

sfc-gh-dszmolka commented 5 months ago

closing this issue due to inactivity; as suggested please continue debugging this with your IDP (except if you use Snowflake OAuth and we're your IDP, in this case please do comment and we can look further)