SNOW-1694143: Authentication Token Caching is not working with v1.13

[supermacro]

1. What version of NodeJS driver are you using?

1.13.1

2. What operating system and processor architecture are you using?

MacOSX 14.17 (Sonoma) on M3 macbook pro

3. What version of NodeJS are you using?

node v20.17.0
pnpm 9.11.0

4. What are the component versions in the environment (npm list)?

Legend: production dependency, optional only, dev only

[email protected] /Users/gio/dev/sf-nodejs-driver-test

dependencies:
snowflake-sdk 1.13.1

5.Server version:* E.g. 1.90.1

8.36.2

6. What did you do?

#820 Implemented sso token caching. However token caching does not work in version 1.13.1 of this lib (and possibly other versions). Every new connection fails to use the id token that is written to disk.

Issues found:

• in order for an ID token to be written to disk, clientStoreTemporaryCredential needs to be set to true in the connection config, yet it's not a field defined in index.d.ts.
• Every new connection initiates a new SSO flow. An id token is cached to $HOME correctly, but it is not read or used by the snowflake-sdk

To reproduce the issue, run the code snippet below TWICE.

const sf = require('snowflake-sdk')

const conn = sf.createConnection({
  username: '<redacted>',
  account: '<redacted>',
  authenticator: 'externalbrowser',
  database: '<redacted>',
  schema: '<redacted>',
  clientStoreTemporaryCredential: true,
})

conn.connectAsync((err, econnected) => {
  if (err) {
    console.error('Unable to connect: ' + err.message);
    return
  }

  console.log('Connection successfully established!')
})

7. What did you expect to see?

The expected behaviour when you run the above code snippet twice is:

• First run opens up a new browser tab to initiate external SSO flow
• Second run DOES NOT open a new browser tab and instead snowflake-sdk uses id token inside of temporary_credential.json file that was written to disk during initial authentication flow

However, the current behaviour is that a new browser tab is opened to initiate the external SSO flow and the cached token is not used. See screenshot for proof that a token is cached to disk at $HOME

8. Can you set logging to DEBUG and collect the logs?

{"level":"INFO","message":"[10:15:19.480 AM]: Connecting to GLOBAL Snowflake domain"}
{"level":"INFO","message":"[10:15:19.484 AM]: Custom credential manager is set by a user."}
{"level":"INFO","message":"[10:15:19.487 AM]: Trying to initialize Easy Logging"}
{"level":"INFO","message":"[10:15:19.487 AM]: No client config file found in default directories"}
{"level":"INFO","message":"[10:15:19.487 AM]: Easy Logging is disabled as no config has been found"}
Connection successfully established!

9. What is your Snowflake account identifier, if any? (Optional)

COPLANE.JRB00548

[tarruda]

I'm unable to use externalbrowser authentication.

Using the same settings as @supermacro , I get the following logs:

Update: Ignore it, I was using wrong credentials.

I confirm what @supermacro said, every new connection starts a new flow.

If I apply #918, things work correctly

[sfc-gh-dszmolka]

thank for reporting this ! so tested the feature when it was released with v1.12.0 and it worked - it still works today with v1.12.0

but something between v1.12.0 (initial release of the feature) and v1.13.1 (latest) broke because i can confirm, it doesn't work anymore with v1.13.1

as a workaround you can consider using v1.12.0 while the issue is fixed. also thank you for the PR suggestion !

[vimota]

I think this might've broken it: eddce19 - it removed passing in the connectionConfig even though connectAsync updates the connectionConfig in place

[sfc-gh-dszmolka]

confirmed - this broke it indeed. working on a fix. workaround is to use v1.12.0 (or @supermacro 's patch)

[sfc-gh-dszmolka]

issues is fixed now with #919 , thank you for your contribution @supermacro and detailed analysis !
awaiting release

[sfc-gh-dszmolka]

released with Snowflake Node.js driver version 1.14.0 in September 2024 release cycle