I am currently building a Streamlit application that integrates GitHub OAuth for user authentication and connects to Snowflake with Multi-Factor Authentication (MFA) enabled. While I have made progress, I am encountering challenges in successfully establishing a handshake between Snowflake and GitHub OAuth to retrieve and manage tokens.
Objective:
- Authenticate users via GitHub OAuth within the Streamlit app.
- Use the obtained token to connect to Snowflake, ensuring MFA compliance.
- Seamlessly handle authentication and secure token exchange between all components.
What I Have Done So Far:
- GitHub OAuth Setup:
  - Registered the app on GitHub and obtained the Client ID and Client Secret.
  - Configured the redirect URI to point to the Streamlit application.
  - Implemented an OAuth2 flow using `authlib` to authenticate users with GitHub.
- Snowflake Setup:
  - Enabled MFA for enhanced security.
  - Configured user roles and permissions for database access.
Challenges Faced:
- Token Handshake:
  - After obtaining the GitHub OAuth token, I am unsure how to exchange it or configure it for Snowflake authentication.
  - Snowflake requires either JWT tokens or other supported authentication methods, and I’m unclear how to integrate this with GitHub’s OAuth tokens.
- OAuth and MFA Coordination:
  - While GitHub OAuth authentication is successful, I am unable to programmatically handle Snowflake’s MFA when establishing a connection.
  - Lack of clarity on token validation and exchange between GitHub and Snowflake.
Questions:
- How can I use the OAuth token obtained from GitHub to authenticate with Snowflake securely?
- What is the recommended approach for handling MFA in this scenario, especially for programmatic access?
- Are there specific configurations or libraries that simplify this integration (e.g., mapping OAuth tokens to Snowflake roles)?
Expected Outcome:
- A Streamlit application that:
  - Authenticates users through GitHub OAuth.
  - Uses the GitHub OAuth token (or an exchanged token) to connect to Snowflake securely.
  - Manages MFA requirements seamlessly during authentication.
Any guidance, examples, or references to documentation would be immensely helpful. Thank you in advance for your support and expertise!