SNOW-2341451: externalbrowser support for headless environments #2537
Description
What is the current behavior?
When running Airflow in a browserless and consoleless environment, it's currently not possible to authenticate to Snowflake via SAML / a browser URL (externalbrowser).
For example, here is my attempt at doing so using Airflow inside of a Docker container on my Laptop.
What is the desired behavior?
Ideally, I'd be able to use my own browser on my laptop by clicking the link.
I think optimally, the redirect would stay on the Snowflake / internet side. The connector python code would poll from a snowflake service, and once the user opens the URL, Snowflake would provide a token to the application. Sort of how you connect your TV to a Streaming service -- you scan a QR code / URL on your phone, log in, and then (without the phone connecting directly to the TV) the streaming service allows the TV to connect. On our end, this would make direct network connections / port forwards between my laptop & the connector unnecessary.
This, however, would require several different changes on the backend and frontend.
Another much less invasive option would be to run the listening server even if the browser wasn't detected. This could be in the background / simultaneous to the input method.
Or most simply, ignoring any browser failures and continuing with the existing behavior.
This would allow the auth to work in seemingly browserless and headless environments -- the connector would log the URL, and I would manually open it. The redirect would take me to localhost:$SF_AUTH_SOCKET_PORT, which I would port-forward into the docker container, and the token would be read & used for further connections.
How would this improve snowflake-connector-python?
The snowflake-connector-python library would be fully usable inside of docker desktop, where a tty or browser may or may not always be avaliable.
References and other background
I have a branch of the last solution working, and will attach it to this ticket shortly.