SNOW-1677211: Password with double quote character causes Okta authenticator to fail

[ehclark]

Please answer these questions before submitting your issue.
In order to accurately debug the issue this information is required. Thanks!

1. What version of JDBC driver are you using? 3.14.4 (but a code review shows this bug still exists in the current master branch)

2. What operating system and processor architecture are you using? MacOS amd64

3. What version of Java are you using? Temurin 11

4. What did you do?

package net.snowflake.client;

import java.sql.Connection;
import java.util.Properties;
import net.snowflake.client.jdbc.SnowflakeDriver;

public class Ping {
    public static void main(String[] args) throws Exception {
        Properties props = new Properties();
        props.setProperty("USER", "***");
        props.setProperty("AUTHENTICATOR", "https://***.okta.com/");
        props.setProperty("PASSWORD", "This\"ismypassword");
        props.setProperty("DB", "***");
        props.setProperty("SCHEMA", "***");
        SnowflakeDriver driver = new SnowflakeDriver();
        try (Connection conn = driver.connect("jdbc:snowflake://***.snowflakecomputing.com", props)) {
            conn.createStatement().executeQuery("SELECT CURRENT_USER()");
        }
    }
}

6. What did you expect to see?
   Expectation is that the program will connect and execute the query successfully. Instead the following error is emitted:

Sep 23, 2024 8:33:19 AM net.snowflake.client.jdbc.RestRequest execute
SEVERE: Error response: HTTP Response code: 400, request: POST https://partnershealthcare.okta.com/api/v1/authn HTTP/1.1
Sep 23, 2024 8:33:19 AM net.snowflake.client.core.HttpUtil executeRequestInternal
SEVERE: Error executing request: POST https://partnershealthcare.okta.com/api/v1/authn HTTP/1.1
Sep 23, 2024 8:33:19 AM net.snowflake.client.jdbc.SnowflakeUtil logResponseDetails
SEVERE: Response status line reason: Bad Request
Sep 23, 2024 8:33:19 AM net.snowflake.client.jdbc.SnowflakeUtil logResponseDetails
SEVERE: Response content: {"errorCode":"E0000003","errorSummary":"The request body was not well-formed.","errorLink":"E0000003","errorId":"oaehNi0IwQeQNSFpm0TonOSjg","errorCauses":[]}
[WARNING] 
net.snowflake.client.jdbc.SnowflakeSQLException: JDBC driver encountered communication error. Message: HTTP status=400.
    at net.snowflake.client.core.HttpUtil.executeRequestInternal (HttpUtil.java:775)
    at net.snowflake.client.core.HttpUtil.executeRequestWithoutCookies (HttpUtil.java:564)
    at net.snowflake.client.core.SessionUtil.federatedFlowStep3 (SessionUtil.java:1192)
    at net.snowflake.client.core.SessionUtil.getSamlResponseUsingOkta (SessionUtil.java:1355)
    at net.snowflake.client.core.SessionUtil.newSession (SessionUtil.java:392)
    at net.snowflake.client.core.SessionUtil.openSession (SessionUtil.java:298)
    at net.snowflake.client.core.SFSession.open (SFSession.java:524)
    at net.snowflake.client.jdbc.DefaultSFConnectionHandler.initialize (DefaultSFConnectionHandler.java:112)
    at net.snowflake.client.jdbc.DefaultSFConnectionHandler.initializeConnection (DefaultSFConnectionHandler.java:85)
    at net.snowflake.client.jdbc.SnowflakeConnectionV1.initConnectionWithImpl (SnowflakeConnectionV1.java:116)
    at net.snowflake.client.jdbc.SnowflakeConnectionV1.<init> (SnowflakeConnectionV1.java:96)
    at net.snowflake.client.jdbc.SnowflakeDriver.connect (SnowflakeDriver.java:206)
    at net.snowflake.client.Ping.main (Ping.java:16)
    at org.codehaus.mojo.exec.ExecJavaMojo$1.run (ExecJavaMojo.java:279)
    at java.lang.Thread.run (Thread.java:829)
[INFO] --------------------------------------

The underlying cause is that in SessionUtil.federatedFlowStep3 the JSON payload sent to Okta endpoint is not properly escaped.

[sfc-gh-wfateem]

Hi @ehclark,

Thanks for reporting the issue. We'll take a look into it.

Yes, it looks like we need to escape both the " and \ characters if they exist in the password.