Skip to content

Snowflake: Support optional scope in OAuth token request #58871

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
potiuk merged 2 commits into from
Dec 1, 2025
Merged

Snowflake: Support optional scope in OAuth token request #58871

potiuk merged 2 commits into from
Dec 1, 2025

Conversation

@SameerMesiah97
Copy link
Contributor

@SameerMesiah97 SameerMesiah97 commented Nov 30, 2025
edited
Loading

Summary

This PR adds support for the OAuth scope parameter in the SnowflakeHook and adds the associated OAuth tests to correctly validate both scoped and unscoped token requests. Previously, the scope value was not included in the Snowflake OAuth token request.

Details

Ensures consistent handling of the scope parameter across all OAuth grant types. Adds test that reflect the real execution path.

Notes

Although the original issue focused on adding scope support for the client_credentials grant type, scope can also be optionally included when using the refresh_token OAuth flow. This PR provides a general implementation that supports both.

Closes: #58815

@boring-cyborg
Copy link

boring-cyborg bot commented Nov 30, 2025

Congratulations on your first Pull Request and welcome to the Apache Airflow community! If you have any issues or are unsure about any anything please check our Contributors' Guide (https://github.com/apache/airflow/blob/main/contributing-docs/README.rst)
Here are some useful points:

  • Pay attention to the quality of your code (ruff, mypy and type annotations). Our prek-hooks will help you with that.
  • In case of a new feature add useful documentation (in docstrings or in docs/ directory). Adding a new operator? Check this short guide Consider adding an example DAG that shows how users should use it.
  • Consider using Breeze environment for testing locally, it's a heavy docker but it ships with a working Airflow and a lot of integrations.
  • Be patient and persistent. It might take some time to get a review or get the final approval from Committers.
  • Please follow ASF Code of Conduct for all communication including (but not limited to) comments on Pull Requests, Mailing list and Slack.
  • Be sure to read the Airflow Coding style.
  • Always keep your Pull Requests rebased, otherwise your build might fail due to changes not related to your commits.
    Apache Airflow is a community-driven project and together we are making it better 🚀.
    In case of doubts contact the developers at:
    Mailing List: dev@airflow.apache.org
    Slack: https://s.apache.org/airflow-slack

@boring-cyborg boring-cyborg bot added area:providers kind:documentation provider:snowflake Issues related to Snowflake provider labels Nov 30, 2025
@SameerMesiah97 SameerMesiah97 mentioned this pull request Nov 30, 2025
Closed
2 tasks
@SameerMesiah97 SameerMesiah97 force-pushed the 58815-Snowflake-Oauth-Scope branch from a5e617d to 47fcbea Compare November 30, 2025 22:54
Support optional scope in OAuth token request
2e8366a 
Omit scope field when unset instead of defaulting to None, and add tests for scoped and unscoped OAuth requests

Fix SnowflakeHook OAuth tests to correctly handle client_credentials flow

Docs: Add ``scope`` parameter description for OAuth in SnowflakeHook

Fixed tests to ensure client_credentials code path is tested instead of refresh token

Fixed formatting issues and removed extraneous comments
@SameerMesiah97 SameerMesiah97 force-pushed the 58815-Snowflake-Oauth-Scope branch from 47fcbea to 2e8366a Compare December 1, 2025 00:12
@prdai
Copy link
Contributor

prdai commented Dec 1, 2025

i think there is another pr for the same thing? #58863

@SameerMesiah97
Copy link
Contributor Author

SameerMesiah97 commented Dec 1, 2025

i think there is another pr for the same thing? #58863

Please see my comment on the existing issue.

@potiuk potiuk merged commit 1c142ec into apache:main Dec 1, 2025
82 checks passed
@boring-cyborg
Copy link

boring-cyborg bot commented Dec 1, 2025

Awesome work, congrats on your first merged pull request! You are invited to check our Issue Tracker for additional contributions.

RoyLee1224 pushed a commit to RoyLee1224/airflow that referenced this pull request Dec 3, 2025
@SameerMesiah97 @RoyLee1224
Support optional scope in OAuth token request (apache#58871)
8026532 
Omit scope field when unset instead of defaulting to None, and add tests for scoped and unscoped OAuth requests

Fix SnowflakeHook OAuth tests to correctly handle client_credentials flow

Docs: Add ``scope`` parameter description for OAuth in SnowflakeHook

Fixed tests to ensure client_credentials code path is tested instead of refresh token

Fixed formatting issues and removed extraneous comments

Co-authored-by: Sameer Mesiah <smesiah971@gmail.com>
Copilot AI pushed a commit to jason810496/airflow that referenced this pull request Dec 5, 2025
@SameerMesiah97
Support optional scope in OAuth token request (apache#58871)
ec2890e 
Omit scope field when unset instead of defaulting to None, and add tests for scoped and unscoped OAuth requests

Fix SnowflakeHook OAuth tests to correctly handle client_credentials flow

Docs: Add ``scope`` parameter description for OAuth in SnowflakeHook

Fixed tests to ensure client_credentials code path is tested instead of refresh token

Fixed formatting issues and removed extraneous comments

Co-authored-by: Sameer Mesiah <smesiah971@gmail.com>
itayweb pushed a commit to itayweb/airflow that referenced this pull request Dec 6, 2025
@SameerMesiah97 @itayweb
Support optional scope in OAuth token request (apache#58871)
133a81f 
Omit scope field when unset instead of defaulting to None, and add tests for scoped and unscoped OAuth requests

Fix SnowflakeHook OAuth tests to correctly handle client_credentials flow

Docs: Add ``scope`` parameter description for OAuth in SnowflakeHook

Fixed tests to ensure client_credentials code path is tested instead of refresh token

Fixed formatting issues and removed extraneous comments

Co-authored-by: Sameer Mesiah <smesiah971@gmail.com>
@potiuk potiuk mentioned this pull request Dec 9, 2025
Closed
52 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@potiuk potiuk potiuk approved these changes

Assignees

No one assigned

Labels

area:providers kind:documentation provider:snowflake Issues related to Snowflake provider

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Support passing an OAuth scope parameter in Snowflake client_credentials flow

3 participants

@SameerMesiah97 @prdai @potiuk