Please support OAuth2 authentication method

[spoutrain]

Hi !

Problem description Password and Key-Pair authentication mechanisms are not sufficient:

• Password authentication puts Snowflake as the system of record of user's credentials, which can be against policies in some companies where user's credentials must be managed by a central system
• Key-Pair authentication does not allow usage of MFA, which can be important in some organizations as well

Moreover, since such credentials need to be stored in environment variables, this pose some security risks.

Proposed solution The Snowflake Python connector natively supports the externalbrowser authentication method, which basically asks the user to authenticate through a browser window managed by Snowflake, instead of having such credentials stored in an environment variable. This would be a short, easy and elegant way of solving above-mentioned issues.

Thanks for reading this post, and I love your tool !

[umarh-ccy]

so I had the same issue as you and dug into the source code - the lib uses the snowflake python connector under the hood which supports a number of sign on methods (SSO, MFA, and Key based authentication) so I'd recommend going down that route and perhaps pushing a PR. Personally, I went with a key-based method which works perfectly.

[spoutrain]

Indeed, I saw that. That's why I propose this to be supported natively by Schemachange. We are not comfortable with changing the source code ourselves (yet) though.

We have also gone the key-pair authentication method route, however this method is not secure enough as it does not allow MFA. Considering the level of confidentiality of information with which we are working, this is a requirement from our security group.