snowflakedb / snowflake-connector-nodejs

NodeJS driver
Apache License 2.0
125 stars 132 forks source link

SNOW-1799839: Authenticated Snowflake Rest API requests via JWT generation in SDK. #956

Open mbrimmer83 opened 1 week ago

mbrimmer83 commented 1 week ago

What is the current behavior?

The current sdk can use JWT to secure connections to Snowflake, but provides no way to reuse this authentication for utilizing rest-api services provided by Snowflake even though the authentication is the same for rest-api's.

I haven't found a way to utilize the SDK to authenticate rest-api requests and have resorted to generating my own tokens the same way the SDK generates tokens.

What is the desired behavior?

Expose Authentication functions for generating JWT for use in querying Snowflake rest-api services. Another option would be to expose an authenticated "fetch" function that handles generating the token and placing it in the headers.

How would this improve snowflake-connector-nodejs?

Extends The SDK and allows the use of additional services provided by Snowflake.

References, Other Background

sfc-gh-dszmolka commented 1 week ago

hi - thanks for raising this. While i fully understand how this would be beneficial, and is generally a good idea, i'm not entirely sure it's related to this very library in which the request is raised. I mean, wouldn't that be analogous to authenticating with

I think this request might not be at the best place with the node.js driver, because it is not really related to one specific programming language or driver. More likely, a use-case instead.

Do I understand this requirement correctly? If so, I would request you to please raise it with your account team, who can then coordinate the work necessary between the teams to have this implemented across all Snowflake drivers.

edit: for the 'generating JWT with the SDK' part - I think what you're doing now, generating your own JWT, is the intended and documented way of authenticating into Snowflake's REST API's. Please see examples at Using key-pair authentication (Python, Java, Node.js and for whom the CLI is more convenient; SnowSQL)

mbrimmer83 commented 1 week ago

Thank you for the explanation. I understand the point about this being a broader use case across multiple drivers. However, as a developer, I don’t interact with account representatives, so I don’t have a direct line to raise these types of requests.

Would it be possible for you to forward this feedback to the appropriate team internally? That way is can be discussed internally as to whether this functionality would benefit Snowflake users.

sfc-gh-dszmolka commented 1 week ago

The request is already with the respective team. The sole reason i suggested reaching out to your Snowflake Account Team is because they have a deeper voice ;) and have data at their disposal which can help certain requests getting prioritized, if that's the goal here. I understand this is not applicable in your situation.

Otherwise, we'll get to this, eventually.