How to Integrate GitHub OAuth Client with Streamlit for Snowflake Access with MFA?

I am currently building a Streamlit application that integrates GitHub OAuth for user authentication and connects to Snowflake with Multi-Factor Authentication (MFA) enabled. While I have made progress, I am encountering challenges in successfully establishing a handshake between Snowflake and GitHub OAuth to retrieve and manage tokens.


Objective:

  • Authenticate users via GitHub OAuth within the Streamlit app.
  • Use the obtained token to connect to Snowflake, ensuring MFA compliance.
  • Seamlessly handle authentication and secure token exchange between all components.

What I Have Done So Far:

  1. GitHub OAuth Setup:
    • Registered the app on GitHub and obtained the Client ID and Client Secret.
    • Configured the redirect URI to point to the Streamlit application.
    • Implemented an OAuth2 flow using authlib to authenticate users with GitHub.
  2. Snowflake Setup:
    • Enabled MFA for enhanced security.
    • Configured user roles and permissions for database access.

Challenges Faced:

  1. Token Handshake:
    • After obtaining the GitHub OAuth token, I am unsure how to exchange it or configure it for Snowflake authentication.
    • Snowflake requires either JWT tokens or other supported authentication methods, and I’m unclear how to integrate this with GitHub’s OAuth tokens.
  2. OAuth and MFA Coordination:
    • While GitHub OAuth authentication is successful, I am unable to programmatically handle Snowflake’s MFA when establishing a connection.
    • Lack of clarity on token validation and exchange between GitHub and Snowflake.

Questions:

  1. How can I use the OAuth token obtained from GitHub to authenticate with Snowflake securely?
  2. What is the recommended approach for handling MFA in this scenario, especially for programmatic access?
  3. Are there specific configurations or libraries that simplify this integration (e.g., mapping OAuth tokens to Snowflake roles)?

Expected Outcome:

  • A Streamlit application that:
    • Authenticates users through GitHub OAuth.
    • Uses the GitHub OAuth token (or an exchanged token) to connect to Snowflake securely.
    • Manages MFA requirements seamlessly during authentication.

Any guidance, examples, or references to documentation would be immensely helpful. Thank you in advance for your support and expertise!