Skip to content

Add OAuth authentication method for Snowflake#177

Merged
SimonKaran13 merged 2 commits into
mainfrom
ls/sf-oauth
Apr 7, 2026
Merged

Add OAuth authentication method for Snowflake#177
SimonKaran13 merged 2 commits into
mainfrom
ls/sf-oauth

Conversation

@catstrike
Copy link
Copy Markdown
Contributor

@catstrike catstrike commented Apr 2, 2026

Add SnowflakeOAuthAuth

@catstrike catstrike requested review from a team, JulienArzul and Copilot April 2, 2026 22:18
@catstrike catstrike self-assigned this Apr 2, 2026
Copilot AI reviewed Apr 2, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new Snowflake authentication config model intended to support OAuth-based connections, and exposes it via the package public API.

Changes:

  • Introduces SnowflakeOAuthAuth with a secret token field.
  • Extends SnowflakeConnectionProperties.auth union to accept SnowflakeOAuthAuth.
  • Exports SnowflakeOAuthAuth from databao_context_engine.__init__.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
src/databao_context_engine/plugins/databases/snowflake/config_file.py Adds OAuth auth model and makes it selectable in Snowflake connection config.
src/databao_context_engine/__init__.py Re-exports the new auth model for external consumers.
Comments suppressed due to low confidence (1)

src/databao_context_engine/plugins/databases/snowflake/config_file.py:47

  • SnowflakeOAuthAuth currently only contributes token into to_snowflake_kwargs(). Snowflake’s Python connector requires authenticator='oauth' (in addition to token) for OAuth-based connections; without setting this, snowflake.connector.connect(**kwargs) will still use the default authenticator and the token will be ignored / auth will fail. Consider either adding an authenticator field to SnowflakeOAuthAuth with a default of 'oauth', or special-casing to_snowflake_kwargs() to inject authenticator='oauth' when self.auth is a SnowflakeOAuthAuth.
    def to_snowflake_kwargs(self) -> dict[str, Any]:
        kwargs = self.model_dump(
            exclude={
                "additional_properties": True,
            },
            exclude_none=True,
        )
        auth_fields = kwargs.pop("auth", {})
        kwargs.update(auth_fields)
        kwargs.update(self.additional_properties)

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

JulienArzul
JulienArzul approved these changes Apr 7, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@JulienArzul JulienArzul left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You've checked that it works right?

From what I remember, we flatten the attributes within the auth objects, meaning that the token argument will be passed directly to the Snowflake connect method

@SimonKaran13
Copy link
Copy Markdown
Member

SimonKaran13 commented Apr 7, 2026

@JulienArzul yes, it's tested.

@SimonKaran13 SimonKaran13 merged commit 41099c2 into main Apr 7, 2026
10 checks passed
@SimonKaran13 SimonKaran13 deleted the ls/sf-oauth branch April 7, 2026 15:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@JulienArzul JulienArzul JulienArzul approved these changes

Assignees

@catstrike catstrike

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@catstrike @SimonKaran13 @JulienArzul @mrMakaronka