snowflakedb · sfc-gh-klin · Feb 7, 2025 · Feb 5, 2025 · Feb 6, 2025
@@ -7,12 +7,14 @@ const AuthWeb = require('./auth_web');
 /**
  * Creates an ID token authenticator.
  *
- * @param {String} token
- *
- * @returns {Object}
+ * @param {Object} connectionConfig
+ * @param {Object} httpClient
+ * @param {module} webbrowser
+ * 
+ * @returns {Object} the authenticator
  * @constructor
  */
-function AuthIDToken(connectionConfig, httpClient) {
+function AuthIDToken(connectionConfig, httpClient, webbrowser) {
 
   this.idToken = connectionConfig.idToken;
 
@@ -31,7 +33,7 @@ function AuthIDToken(connectionConfig, httpClient) {
   this.authenticate = async function () {};
 
   this.reauthenticate = async function (body) {
-    const auth = new AuthWeb(connectionConfig, httpClient);
+    const auth = new AuthWeb(connectionConfig, httpClient, webbrowser);
     await auth.authenticate(connectionConfig.getAuthenticator(),
       connectionConfig.getServiceName(),
       connectionConfig.account,

@@ -62,14 +62,15 @@ exports.formAuthJSON = function formAuthJSON(
  */
 exports.getAuthenticator = function getAuthenticator(connectionConfig, httpClient) {
   const authType = connectionConfig.getAuthenticator();
+  const openExternalBrowserCallback = connectionConfig.openExternalBrowserCallback; // Important for SSO in the Snowflake VS Code extension
   let auth;
   if (authType === AuthenticationTypes.DEFAULT_AUTHENTICATOR || authType === AuthenticationTypes.USER_PWD_MFA_AUTHENTICATOR) {
     auth = new AuthDefault(connectionConfig);
   } else if (authType === AuthenticationTypes.EXTERNAL_BROWSER_AUTHENTICATOR) {
     if (connectionConfig.getClientStoreTemporaryCredential() && !!connectionConfig.idToken) {
-      auth = new AuthIDToken(connectionConfig, httpClient);
+      auth = new AuthIDToken(connectionConfig, httpClient, openExternalBrowserCallback);
     } else {
-      auth = new AuthWeb(connectionConfig, httpClient);
+      auth = new AuthWeb(connectionConfig, httpClient, openExternalBrowserCallback);
     }
   } else if (authType === AuthenticationTypes.KEY_PAIR_AUTHENTICATOR) {
     auth = new AuthKeypair(connectionConfig);

@@ -860,6 +860,7 @@ function ConnectionConfig(options, validateCredentials, qaMode, clientInfo) {
   this.masterTokenExpirationTime = options.masterTokenExpirationTime;
   this.sessionTokenExpirationTime = options.sessionTokenExpirationTime;
   this.clientConfigFile = options.clientConfigFile;
+  this.openExternalBrowserCallback = options.openExternalBrowserCallback;
 
   // create the parameters array
   const parameters = createParameters();

@@ -231,7 +231,7 @@ describe('external browser authentication', function () {
       body['data']['AUTHENTICATOR'], AuthenticationTypes.EXTERNAL_BROWSER_AUTHENTICATOR, 'Authenticator should be EXTERNALBROWSER');
   });
 
-  it('external browser - id token', async function () {
+  it('external browser - id token, no webbrowser', async function () {
     const auth = new AuthIDToken(connectionOptionsIdToken, httpclient);
     await auth.authenticate(credentials.authenticator, '', credentials.account, credentials.username, credentials.host);
 
@@ -241,6 +241,17 @@ describe('external browser authentication', function () {
     assert.strictEqual(body['data']['TOKEN'], connectionOptionsIdToken.idToken);
     assert.strictEqual(body['data']['AUTHENTICATOR'], AuthenticationTypes.ID_TOKEN_AUTHENTICATOR);
   });
+
+  it('external browser - id token, webbrowser cb provided', async function () {
+    const auth = new AuthIDToken(connectionOptionsIdToken, httpclient, webbrowser.open);
+    await auth.authenticate(credentials.authenticator, '', credentials.account, credentials.username, credentials.host);
+
+    const body = { data: {} };
+    auth.updateBody(body);
+
+    assert.strictEqual(body['data']['TOKEN'], connectionOptionsIdToken.idToken);
+    assert.strictEqual(body['data']['AUTHENTICATOR'], AuthenticationTypes.ID_TOKEN_AUTHENTICATOR);
+  });
 });
 
 describe('key-pair authentication', function () {