SNOW-1692674: Unable to auth with custom Okta url

[jmeekinsint]

Please answer these questions before submitting your issue.
In order to accurately debug the issue this information is required. Thanks!

1. What version of GO driver are you using?
   Latest Version

2. What operating system and processor architecture are you using?
   OSX - intel

3. What version of GO are you using?
   run go version in your console

4.Server version:* E.g. 1.90.1
You may get the server version by running a query:

SELECT CURRENT_VERSION();

5. What did you do?

When using Okta custom url for the okta_url - unable to authentication because it only accepts *.okta.com

6. What did you expect to see?

I would like to see the ability to provide the custom okta url for authentication

[sfc-gh-dszmolka]

hi - thanks for raising this. can you please provide the relevant configuration bit from your program, how you configure the authenticator ? of course if needed, please mask out the actual URL, i would like to see the format only. thank you !

edit reason for asking because if you configure authentication: https://<somehost> then it must indeed end with .okta.com at this moment because this scenario would be the configuration Native Okta and at this moment it must be .okta.com as documented

at this moment no other (custom) format for Native Okta is supported, of course this can be handled as a feature request to support it. but first it would be great to get confirmation about how you use the authenticator.

[jmeekinsint]

Example of this would be - dsn := "serviceaccount:password@accountname/dbname/schemaname?authenticator=https://myapps.companyname.com"

where https://myapps.companyname.com is the main Okta url used and configured within snowflake.

Python does allow for this type of connection using the python snowflake connector library.

example:

sfAccount: str = 'account', # Put Account Name here from the SF URL (left of .snowflake.com)
sfauthenticator: str = 'https://myapps.example.com/snowflake/okta', # Put the Authenticator URL here

ctx = snowflake.connector.connect(
    user='[email protected]',
    password='xxxxx',
    account=sfAccount,
    authenticator=sfauthenticator,
)
cs = ctx.cursor()
print(cs)

[sfc-gh-dszmolka]

thank you for sending the example; good to confirm your use-case indeed relevant to the Native Okta authenticator, and especially using custom domain for the IdP.

indeed, PythonConnector and some other drivers (for example the node.js one) already support custom URL for Native Okta auth, gosnowflake doesn't support it yet. we'll look at this enhancement request and i'll keep this ticket posted with the progress (no timeline estimated)

[jmeekinsint]

Thank you, I do see some other support. My main use case is related to terraform which is written to use the Go driver as of now.

[sfc-gh-dszmolka]

got you, so externalbrowser is probably not an alternative for you. until this gets implemented (and, Snowflake Terraform Provider rebased on the future gosnowflake version which will support custom Okta URL..), would keypair or oauth authentications be a workaround for you? both allow for noninteractive auth and already supported by gosnowflake

[sfc-gh-dszmolka]

PR under review #1216

[sfc-gh-dszmolka]

PR is merged and will be part of the next upcoming release cycle. (Usually we release towards end of a given month)

[jmeekinsint]

Awesome, I appreciate it. Thank you very much <snip>

[sfc-gh-dszmolka]

released with v1.12.0 in October 2024 release cycle