SNOW-2019488: Allow the (Base64 encoded) private key to be stored in the connection password

[jborgland]

What is the current behavior?

When using key pair authentication (snowflake_jwt) the private key can be passed to the driver in three ways - by specifying the path to a file containing the file, by passing the already instantiated key or by passing the Base64 encoded key file - all using different connection properties.

What is the desired behavior?

That if authenticator is set to snowflake_jwt and none of privatekey, private_key_base64 or private_key_file is specified then the driver assumes that the Base64 enoded key is provided through the connection password. The driver already has this type of behavior when authenticator is set to oauth (if no token property is specified then the token is assumed to be given through the connection password)

How would this improve snowflake-jdbc?

It would make it easy to use key pair authentication also when using connection pools and such.

References, Other Background

https://docs.snowflake.com/en/developer-guide/jdbc/jdbc-parameters#token

With the upcoming enforcing of MFA for accounts using username/password authentication this becomes important (especially to support older versions of applications and similar).

[sfc-gh-sghosh]

Hello @jborgland ,

Thanks for raising the issue, we are looking into it.

[jborgland]

Judging from release notes for version 3.23.0 of the JDBC driver it looks like you're also adding support for the Client Credentials Flow to the driver. In that case I request that you also implement the same kind of behavior there.