Skip to content

Snow 1917307 refresh token #1040

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 13 commits into from
Closed

Snow 1917307 refresh token #1040

wants to merge 13 commits into from

Conversation

sfc-gh-pmotacki
Copy link
Contributor

Description

Please explain the changes you made here.

Checklist

  • Format code according to the existing code style (run npm run lint:check -- CHANGED_FILES and fix problems in changed code)
  • Create tests which fail without the change (if possible)
  • Make all tests (unit and integration) pass (npm run test:unit and npm run test:integration)
  • Extend the types in index.d.ts file (if necessary)
  • Extend the README / documentation and ensure is properly displayed (if necessary)
  • Provide JIRA issue id (if possible) or GitHub issue id in commit message

@sfc-gh-pmotacki sfc-gh-pmotacki changed the base branch from master to SNOW-1979798-client-credentials March 27, 2025 09:17
@sfc-gh-snowflakedb-snyk-sa
Copy link
Contributor

sfc-gh-snowflakedb-snyk-sa commented Mar 27, 2025
edited
Loading

🎉 Snyk checks have passed. No issues have been found so far.

security/snyk check is complete. No issues have been found. (View Details)

license/snyk check is complete. No issues have been found. (View Details)

@sfc-gh-pmotacki sfc-gh-pmotacki force-pushed the SNOW-1979798-client-credentials branch from 9093de5 to 5448f6c Compare March 27, 2025 13:38
@sfc-gh-pmotacki sfc-gh-pmotacki marked this pull request as ready for review March 27, 2025 13:52
@sfc-gh-pmotacki sfc-gh-pmotacki requested a review from a team as a code owner March 27, 2025 13:52
@sfc-gh-pmotacki sfc-gh-pmotacki changed the base branch from SNOW-1979798-client-credentials to master March 27, 2025 13:56
@sfc-gh-pmotacki sfc-gh-pmotacki changed the base branch from master to SNOW-1979798-client-credentials March 27, 2025 13:56
@sfc-gh-pmotacki sfc-gh-pmotacki force-pushed the SNOW-1917307-refresh-token branch from dbc19a0 to ea77ff9 Compare March 27, 2025 14:18
sfc-gh-dheyman
sfc-gh-dheyman reviewed Mar 28, 2025
View reviewed changes
lib/authentication/auth_oauth_authorization_code.js Outdated
token = await requestToken(as, tokenUrl, client, clientAuth, params, redirectUri, codeVerifier);

//verify that there is access token in the cache
const accessTokenFromCache = await GlobalConfig.getCredentialManager().read(accessTokenKey);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

perhaps extract credentialManager to a variable/member?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK

lib/authentication/auth_oauth_client_credentials.js
globalThis.crypto ??= require('node:crypto').webcrypto;
await this.loadOauth4webapi(); // import module using the dynamic import
// const codeChallengeMethod = 'S256';
const as = { issuer: 'UNKNOWN' };
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

comment why this is needed

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added.

lib/authentication/auth_oauth_authorization_code.js Outdated
//cache refresh token
Logger.getInstance().debug(
`Received new OAuth refresh token from: Host: ${tokenUrl.host} Path: ${tokenUrl.pathname}`);
await GlobalConfig.getCredentialManager().remove(refreshTokenKey);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we have to remove it first? Won't it get replaced?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assuming that underneath there is a map type. I'm a little afraid about custom CacheManager implementation but it looks logical that cache could protect before containing rows with duplicated keys.

lib/constants/gs_errors.js
@@ -4,6 +4,7 @@ code.INCORRECT_USERNAME_PASSWORD = '390100';
code.SESSION_TOKEN_INVALID = '390104';
code.GONE_SESSION = '390111';
code.SESSION_TOKEN_EXPIRED = '390112';
code.OAUTH_TOKEN_EXPIRED = '390318';
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in JDBC I also handle scenario for this code: OAUTH_ACCESS_TOKEN_INVALID_GS_CODE = 390303;

@sfc-gh-pmotacki sfc-gh-pmotacki force-pushed the SNOW-1917307-refresh-token branch 2 times, most recently from 53f6d88 to 235d87b Compare March 31, 2025 04:45
@sfc-gh-pmotacki sfc-gh-pmotacki changed the base branch from SNOW-1979798-client-credentials to master March 31, 2025 04:51
@sfc-gh-pmotacki sfc-gh-pmotacki force-pushed the SNOW-1917307-refresh-token branch from 598ce2e to 6153e48 Compare March 31, 2025 07:45
@sfc-gh-pmotacki sfc-gh-pmotacki force-pushed the SNOW-1917307-refresh-token branch from 22dcb2c to 4d9fafe Compare April 1, 2025 14:18
@sfc-gh-pmotacki sfc-gh-pmotacki changed the base branch from master to SNOW-1979798-client-credentials April 2, 2025 13:46
@github-actions github-actions bot locked and limited conversation to collaborators Jul 29, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@sfc-gh-dheyman sfc-gh-dheyman sfc-gh-dheyman left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@sfc-gh-pmotacki @sfc-gh-snowflakedb-snyk-sa @sfc-gh-dheyman @sfc-gh-rsavenok @sfc-gh-dszmolka