UNPKG

snowflake-sdk

Version:

Node.js driver for Snowflake

github.com/snowflakedb/snowflake-connector-nodejs

snowflakedb/snowflake-connector-nodejs

104 lines (103 loc) 4.72 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
import { WorkloadIdentityProviderKey } from '../authentication/auth_workload_identity/types'; /** * Work In Progress typing for ConnectionOptions */ export interface WIP_ConnectionOptions { /** * Specifies the authenticator to use for verifying user login credentials. * * Available options: * * `SNOWFLAKE` - Default authenticator that uses basic username/password authentication * * `EXTERNALBROWSER` - Browser-based SSO authentication through your identity provider * * `SNOWFLAKE_JWT` - Key pair authentication using a private key and public key pair * * `OAUTH` - OAuth authentication using a token obtained from OAuth flow * * `USERNAME_PASSWORD_MFA` - Username/password with multi-factor authentication * * `PROGRAMMATIC_ACCESS_TOKEN` - Using a programmatic access token set in ConnectionOptions.token or ConnectionOptions.password * * `OAUTH_AUTHORIZATION_CODE` - OAuth authorization code flow for web applications * * `OAUTH_CLIENT_CREDENTIALS` - OAuth client credentials flow for service-to-service auth * * `WORKLOAD_IDENTITY` - Workload identity authentication * * `https://<okta_account_name>.okta.com` - Native SSO authentication through Okta */ authenticator?: string; /** * Enable SSO token caching. The default value is false. * * https://docs.snowflake.com/en/developer-guide/node-js/nodejs-driver-authenticate#authentication-token-caching */ clientStoreTemporaryCredential?: boolean; /** * Specifies the token to use for authentication. Set this option if you set the authenticator option to * * OAUTH * * PROGRAMMATIC_ACCESS_TOKEN * * WORKLOAD_IDENTITY */ token?: string; /** * Enable single use refresh tokens for OAuth */ oauthEnableSingleUseRefreshTokens?: boolean; /** * Value of `client id` provided by the identity provider for Snowflake integration (Snowflake security integration metadata). */ oauthClientId?: string; /** * Value of the `client secret` provided by the identity provider for Snowflake integration (Snowflake security integration metadata). */ oauthClientSecret?: string; /** * Identity provider endpoint supplying the authorization code to the driver. * When Snowflake is used as an identity provider, this value is derived from the `server` or `account` parameters. */ oauthAuthorizationUrl?: string; /** * Identity Provider endpoint supplying the access tokens to the driver. * When using Snowflake as an Identity Provider, this value is derived from the `server` or `account` parameters. */ oauthTokenRequestUrl?: string; /** * Scope requested in the Identity Provider authorization request. * By default, it is derived from the role. * When multiple scopes are required, the value should be a space-separated list of multiple scopes. */ oauthScope?: string; /** * URI to use for authorization code redirection (Snowflake security integration metadata). * Default: `http://127.0.0.1:{randomAvailablePort}/`. */ oauthRedirectUri?: string; /** * @deprecated * FOR TESTING ONLY. Allows to use insecure http requests. */ oauthHttpAllowed?: boolean; /** * When authenticator=OAUTH_AUTHORIZATION_CODE, customize the code challenge method */ oauthChallengeMethod?: string; /** * When authenticator=WORKLOAD_IDENTITY, specifies the identity provider. Available options: * * AWS - Uses `@aws-sdk` to find credentials and encodes signed GetCallerIdentity request as token * * AZURE - Uses `@azure/identity` to find credentials and get JWT token * * GCP - Uses `google-auth-library` to find credentials and get JWT token * * OIDC - Reads JWT token from `ConnectionOptions.token` * * When none is passed, the driver will try to auto-detect the provider. */ workloadIdentityProvider?: WorkloadIdentityProviderKey; /** * Customize Azure Entra Id Resource used to obtain workload identity auth token */ workloadIdentityAzureEntraIdResource?: string; } /** * Work In Progress typing for ConnectionConfig instance */ export type WIP_ConnectionConfig = { token: WIP_ConnectionOptions['token']; workloadIdentityProvider: WIP_ConnectionOptions['workloadIdentityProvider']; workloadIdentityAzureEntraIdResource: WIP_ConnectionOptions['workloadIdentityAzureEntraIdResource']; oauthEnableSingleUseRefreshTokens: WIP_ConnectionOptions['oauthEnableSingleUseRefreshTokens']; getOauthHttpAllowed(): boolean; getOauthClientId(): string; getOauthClientSecret(): string; };