Suraj-kumar00 commented on issue #62037: URL: https://github.com/apache/airflow/issues/62037#issuecomment-3922237129
Hey @Poornima030596 👋, I've done some investigation and here's what I found: After analyzing the codebase and the [Snowflake PAT docs](https://docs.snowflake.com/en/user-guide/programmatic-access-tokens), PATs can be used in **two ways:** * **As a password** passed directly to `snowflake.connector.connect(password=<PAT>)` * **As a bearer token for REST/SQL APIs** — via `Authorization: Bearer <PAT>` with header `X-Snowflake-Authorization-Token-Type: PROGRAMMATIC_ACCESS_TOKEN` ### Current state of the Airflow Snowflake provider: **`SnowflakeHook` (Python connector path):** PATs already work here the password is passed straight through to the connector. Only a docs update is needed to mention PAT as a supported auth method in the *Password* field. **`SnowflakeSqlApiHook` (SQL API path):** This is where the actual gap exists. `get_headers()` currently supports only OAuth and JWT key-pair auth. There's no code path to send a PAT as a bearer token with the required `X-Snowflake-Authorization-Token-Type: PROGRAMMATIC_ACCESS_TOKEN` header. > Note: The SnowflakeSqlApiOperator docstring currently says "This Operator currently uses key pair authentication" this is already stale since OAuth support was added later. This will also be updated as part of the PR. ### Proposed approach: * **Docs-only for `SnowflakeHook`** document that PATs can be used in the *Password* field * **Code + Docs for `SnowflakeSqlApiHook`** add a new auth path in `get_headers()` triggered by `authenticator: programmatic_access_token` in connection extras, which sends the PAT as a bearer token with the correct header * **Fix stale docstring** in SnowflakeSqlApiOperator Would appreciate feedback on this approach before I submit the PR. cc @eladkal @jroachgolf84 @potiuk -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
