SNOW-636926: Users can't SSO through a containerized web app (e.g. Streamlit)

[aduverger]

Hello guys !

What is the current behavior?

We have a web application developed with Streamlit, that let people access their Snowflake tables easily.
To do that, users have to log in using AzureADSSO.
Everything works well when the streamlit app is running locally :

• User click on a SSO button
• A new tab opens to log in using their Azure Account
• They can close the tab, and now they are loged in with the app

Yet, when using the app on a virtual machine and/or within a Docker container, the snowflake python connector can't open a new tab, so it logs to the console the URL needed to get a token. Then the user needs to manually write this token in the console:

So locally, even if it's a docker container running, we can still manage to enter the token URL in the console.
But when the app is hosted on a virtual machine / azure container instance, users can't access the console.

What is the desired behavior?

Is there any workaround or possible improvement so that users could enter the token URL differently that through the console ?

How would this improve snowflake-connector-python?

This would allow to use SSO Snowflake connector with web applications.

Thank you very much for your help :)

[feluelle]

Hey @aduverger,
#932 could be of interest to you.

[kamilKujawski]

Hey @aduverger,
were you able to figure this out with steamlit? I tried to use those vars from #932 however I was not able to make it work.