Skip to content

support jwt in aws wif#2766

Open
sfc-gh-yuzzhang wants to merge 4 commits intomainfrom
yuzzhang-aws-wif-driver
Open

support jwt in aws wif#2766
sfc-gh-yuzzhang wants to merge 4 commits intomainfrom
yuzzhang-aws-wif-driver

Conversation

@sfc-gh-yuzzhang
Copy link

@sfc-gh-yuzzhang sfc-gh-yuzzhang commented Feb 16, 2026
edited
Loading

[Please answer these questions before submitting your pull requests. Thanks!

  1. What GitHub issue is this PR addressing? Make sure that there is an accompanying issue to your PR.

JIRA: SNOW-2919437

  1. Fill out the following pre-review checklist:

    • I am adding a new automated test(s) to verify correctness of my new code
    • I am adding new logging messages
    • I am adding a new telemetry message
    • I am modifying authorization mechanisms
    • I am adding new credentials
    • I am modifying OCSP code
    • I am adding a new dependency

  2. Please describe how your code solves the related issue.
    Implements JWT token validation for AWS Outbound Identity Federation.
    Previously, AWS WIF used pre-signed STS requests that GS forwarded to AWS for validation. This PR migrates to AWS's GetWebIdentityToken API, which returns a standard JWT token.

  3. (Optional) PR for stored-proc connector:
    ](https://github.com/snowflakedb/snowflake-connector-python/pull/new/yuzzhang-aws-wif-driver)

Will update DESCRIPTION.md after get the expected release date
Did not change async path, because it is freeze currently: https://snowflakecomputing.atlassian.net/browse/SNOW-2905263

@github-actions
Copy link

github-actions bot commented Feb 16, 2026
edited
Loading

All contributors have signed the CLA ✍️ ✅
Posted by the CLA Assistant Lite bot.

@sfc-gh-yuzzhang
Copy link
Author

sfc-gh-yuzzhang commented Feb 18, 2026

I have read the CLA Document and I hereby sign the CLA

@sfc-gh-yuzzhang sfc-gh-yuzzhang added NO-CHANGELOG-UPDATES This pull request does not need to update CHANGELOG.md and removed NO-CHANGELOG-UPDATES This pull request does not need to update CHANGELOG.md labels Feb 18, 2026
@sfc-gh-yuzzhang sfc-gh-yuzzhang marked this pull request as ready for review February 18, 2026 22:35
@sfc-gh-yuzzhang sfc-gh-yuzzhang requested a review from a team as a code owner February 18, 2026 22:35
sfc-gh-pmansour
sfc-gh-pmansour reviewed Feb 18, 2026
View reviewed changes
Copy link
Contributor

@sfc-gh-pmansour sfc-gh-pmansour left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

Have you had a chance to test this e2e yet, eg. on an AWS VM?

@sfc-gh-yuzzhang
Copy link
Author

sfc-gh-yuzzhang commented Feb 19, 2026
edited
Loading

Thanks!

Have you had a chance to test this e2e yet, eg. on an AWS VM?

Thanks! I've already tested on VM, but because the GS side hasn't been merged yet, I got the error from GS: snowflake.connector.errors.DatabaseError: 250001 (08001): Failed to connect to DB: wif_tests.qa6.us-west-2.aws.snowflakecomputing.com:443. The AWS STS request was improperly encoded or was missing a required field ("url", "method", "headers").
I‘ll test again after GS side is set up, and will only merge after confirming everything works.

sfc-gh-xizhao
sfc-gh-xizhao approved these changes Feb 20, 2026
View reviewed changes
Copy link
Contributor

@sfc-gh-xizhao sfc-gh-xizhao left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sfc-gh-xizhao sfc-gh-xizhao sfc-gh-xizhao approved these changes

+1 more reviewer

@sfc-gh-pmansour sfc-gh-pmansour sfc-gh-pmansour approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

NO_ASYNC_CHANGES

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sfc-gh-yuzzhang @sfc-gh-xizhao @sfc-gh-pmansour