reworking the defaut oauth scope

src/snowflake/connector/auth/oauth_code.py

@@ -98,9 +98,10 @@ def construct_url(self) -> str:
             "response_type": "code",
             "client_id": self.client_id,
             "redirect_uri": self.redirect_uri,
-            "scope": self.scope,
             "state": self._state,
         }
+        if self.scope:
+            params["scope"] = self.scope
         url_params = urllib.parse.urlencode(params)
         url = f"{self.authentication_url}?{url_params}"
         return url

src/snowflake/connector/connection.py

@@ -56,6 +56,7 @@
 from .constants import (
     _CONNECTIVITY_ERR_MSG,
     _DOMAIN_NAME_MAP,
+    _OAUTH_DEFAULT_SCOPE,
     ENV_VAR_PARTNER,
     PARAMETER_AUTOCOMMIT,
     PARAMETER_CLIENT_PREFETCH_THREADS,
@@ -92,7 +93,6 @@
     ER_NO_CLIENT_ID,
     ER_NO_NUMPY,
     ER_NO_PASSWORD,
-    ER_NO_ROLE,
     ER_NO_USER,
     ER_NOT_IMPLICITY_SNOWFLAKE_DATATYPE,
 )
@@ -329,7 +329,7 @@ def _get_private_bytes_from_file(
         # SNOW-1825621: OAUTH implementation
     ),
     "oauth_scope": (
-        "session:role:{role}",
+        "",
         str,
         # SNOW-1825621: OAUTH implementation
     ),
@@ -1127,16 +1127,9 @@ def __open_connection(self):
                             "errno": ER_NO_CLIENT_ID,
                         },
                     )
-                if "{role}" in self._oauth_scope and self._role is None:
-                    Error.errorhandler_wrapper(
-                        self,
-                        None,
-                        ProgrammingError,
-                        {
-                            "msg": "Oauth code flow requirement 'role' is missing. When oauth_scope has '{role}' placeholder this is required.",
-                            "errno": ER_NO_ROLE,
-                        },
-                    )
+                if self._role and (self._oauth_scope == ""):
+                    # if role is known then let's inject it into scope
+                    self._oauth_scope = _OAUTH_DEFAULT_SCOPE.format(role=self._role)
                 self.auth_class = AuthByOauthCode(
                     application=self.application,
                     client_id=self._oauth_client_id,
@@ -1148,7 +1141,7 @@ def __open_connection(self):
                         host=self.host,
                     ),
                     redirect_uri="http://127.0.0.1:{port}/",
-                    scope=self._oauth_scope.format(role=self._role),
+                    scope=self._oauth_scope,
                 )
             elif self._authenticator == USR_PWD_MFA_AUTHENTICATOR:
                 self._session_parameters[PARAMETER_CLIENT_REQUEST_MFA_TOKEN] = (

src/snowflake/connector/constants.py

@@ -434,3 +434,5 @@ class IterUnit(Enum):
     "\nTo further troubleshoot your connection you may reference the following article: "
     "https://docs.snowflake.com/en/user-guide/client-connectivity-troubleshooting/overview."
 )
+
+_OAUTH_DEFAULT_SCOPE = "session:role:{role}"

src/snowflake/connector/errorcode.py

@@ -32,8 +32,7 @@
 ER_CONNECTION_TIMEOUT = 251011
 ER_RETRYABLE_CODE = 251012
 ER_NO_CLIENT_ID = 251013
-ER_NO_ROLE = 251014
-ER_OAUTH_STATE_CHANGED = 251015
+ER_OAUTH_STATE_CHANGED = 251014
 
 # cursor
 ER_FAILED_TO_REWRITE_MULTI_ROW_INSERT = 252001