SNOW-715524: Add SSO token cache

[sfc-gh-ext-simba-lf]

Description

Add SSO token cache

Checklist

• Code compiles correctly
• Code is formatted according to Coding Conventions
• Created tests which fail without the change (if possible)
• All tests passing (dotnet test)
• Extended the README / documentation, if necessary
• Provide JIRA issue id (if possible) or GitHub issue id in PR name

[codecov]

Codecov Report

Attention: Patch coverage is 92.53333% with 28 lines in your changes missing coverage. Please review.

Project coverage is 87.23%. Comparing base (c3cb344) to head (126e337).

Files with missing lines	Patch %	Lines
Snowflake.Data/Core/Tools/BrowserOperations.cs	5.55%	17 Missing ⚠️
...astructure/SFCredentialManagerWindowsNativeImpl.cs	92.15%	2 Missing and 2 partials ⚠️
...Core/Authenticator/ExternalBrowserAuthenticator.cs	96.96%	3 Missing ⚠️
...ager/Infrastructure/SFCredentialManagerFileImpl.cs	98.09%	0 Missing and 2 partials ⚠️
...re/CredentialManager/SFCredentialManagerFactory.cs	95.83%	0 Missing and 1 partial ⚠️
Snowflake.Data/Core/Session/SFSession.cs	96.15%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #921      +/-   ##
==========================================
+ Coverage   85.70%   87.23%   +1.53%     
==========================================
  Files         117      122       +5     
  Lines       11331    11614     +283     
  Branches     1130     1158      +28     
==========================================
+ Hits         9711    10132     +421     
+ Misses       1342     1196     -146     
- Partials      278      286       +8     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[rafael-sotelo]

Any updates on this PR ? Can I help ? I been waiting for this SSO Token Cache for long time

[sfc-gh-ext-simba-lf]

Any updates on this PR ? Can I help ? I been waiting for this SSO Token Cache for long time

Currently we're trying out different libraries/packages for the credential manager. Then it'll be reviewed if it meets the security requirements

[sfc-gh-knozderko]

Why do we encrypt tokens when storing them in memory whereas in file implementation we do not do it?
I think encryption here it is not necessary... Maybe only we should make sure that ToString() operation on this class does not reveal any credentials.

[sfc-gh-ext-simba-lf]

I think I saw JDBC do some encryption so I tried to follow it

The encryption is now removed. I also checked ToString() and it only shows the class name so no sensitive info. The dictionary itself is private so it shouldn't be possible to call ToString() on the dictionary itself

[sfc-gh-knozderko]

maybe, you are right some kind of obfuscating the string would be good. Maybe let's use SecureString to store the tokens. You could use Snowflake.Data.Core.Tools.SecureStringHelper

[sfc-gh-ext-simba-lf]

Sure, the tokens are now stored with SecureStringHelper

[sfc-gh-knozderko]

this class should not be public since it is not meant to be used by the user. You should move it into another package because in Snowflake.Data.Client should be only classes we want to share with the user.

[sfc-gh-ext-simba-lf]

Understood, the class is no longer public and has been moved

[sfc-gh-knozderko]

But you moved all the classes from Client to Core - I meant something else...

The Idea is that all classes which could be used by the client should be publicly accessible and located in Client package so the client has all his classes in one place. Classes in Client package start with Snowflake - so it would be good to follow this convention.

In other than Client package we have our internal classes. These should not be public. These classes do not prefix with Snowflake. Sometimes they prefix with SF, but I don't think we should prefix every our internal class with SF, because we do not gain anything from this. So for our internal classes we are free to use any name we want.

The factory class is internal so it is good that you moved it to Core. But for instance ISFCredentialManager is public so it would better fit to Client package. And its previous name ISnowflakeCredentialManager was better fitting our conventions. However the class TokenType which is defined in the same file as ISFCredentialManager is internal so it should be extracted to separate file and placed in Core. Sometimes if we would not like to put too many implementation details into the Client classes we can use a pattern of creating a wrapper class in API. Such a pattern was used here: https://github.com/snowflakedb/snowflake-connector-net/blob/master/Snowflake.Data/Client/SnowflakeDbSessionPool.cs is a public class in Client package which is wrapping the internal class in Core package: https://github.com/snowflakedb/snowflake-connector-net/blob/master/Snowflake.Data/Core/Session/SessionPool.cs
So following this pattern we could have internal implementations in Core.CredentialManager package but then we would need a publicly accessible wrappers in Client package with names starting from Snowflake. Or you can don't create such wrappers but move all public classes to Client package - it is up to you.

[sfc-gh-ext-simba-lf]

My mistake, I thought I was supposed to move the other classes as well

I've reverted some of the changes and did some refactoring:

• Rename ISFCredentialManager back to ISnowflakeCredentialManager
• Move ISnowflakeCredentialManager back to Client
• Extract TokenType from ISnowflakeCredentialManager

Does that look alright to you?

[sfc-gh-knozderko]

You could move all the implementations into subpackage Infrastructure

[sfc-gh-ext-simba-lf]

Done

[sfc-gh-knozderko]

this improvement is not related to the feature itself?

[sfc-gh-ext-simba-lf]

It's not directly related, but I saw that other connectors like JDBC include the driver name and version in the request so I thought to include it as well in .NET for parity