Upgrade snowflake-connector-python version to support the token cache

[drewbanin]

Describe the feature

Upgrade snowflake-connector-python to >= v2.2.3 to support the Snowflake OAuth token cache. The only docs we could find on this were from the odbc connector, but the snowflake-connector-python says that... something... changed around a "Secure SSO ID Token" in v2.2.3 and the diff appears to be relevant to some sort of token cache.

We should:

• Try out enabling the token cache in our Snowflake account
• See if it works with the current version of snowflake-connector-python that dbt supports
• If not, see if it magically works with v2.2.3
• If not, see if we can find someone at Snowflake to give us the scoop on supported versions :)

Additional context

The token cache makes web-based oauth usable in dbt. Without the cache, each new connection (ie. thread) opened by dbt requires the user to login via a browser, rendering browser-based oauth basically useless in a multithreaded dbt run.

Who will this benefit?

Snowflake users using the oauth connection method

[ryano144]

I was getting sufficiently annoyed by the multiple popups and was able to test this out recently. Here are the steps I took:

1. Updated the allow_id_token parameter on our Snowflake account to true
2. Installed the keyring dependency that the Snowflake Python Connector uses for credentials caching.
3. Ran DBT 0.17.0 with 2 threads and still got 3 login prompts
4. Setup a local version of DBT to run from source in a Virtual Environment
5. Updated the version of Snowflake Python Connector to snowflake-connector-python==2.2.3
6. Ran local DBT 0.18.0-b1 with 2 threads. Only got a single log in prompt.
7. Ran it again. Did not get a login prompt at all!
8. Verified that the prior steps also work with the latest snowflake connector (2.2.9)

I'm working on verifying whether I'm allowed to sign the CLA before sending a PR (the change is very simple).

[bessey]

Ooh, thanks for linking to the source @ryano144, now I see there seems to be an alternative mechanism for Linux, I'll have to have a play with that

[AcidFlow]

Hello there!

I played a bit with the SSO caching on Linux today.

I set up an environment as @ryano144 did, and on Linux the token will not be cached without editing the default configuration in connection.py.

As the comment says "Mac/Win will overlook this" but Linux will not.

Therefore on Linux at the moment I had to change the default configuration to return True, as I didn't find any other ways to set this session parameter.

Once I made this change however, I could benefit from the caching of my SSO token.

[don-at-omaze]

Hello everyone. I've updated to the latest version and still see this issue. Any pointers on how to resolve?

[jtcohen6]

@don-at-omaze Which version of dbt are you using? Have you installed keyring? (See the discussion in #2689 as well)