We have added additional errors that could be thrown when the cached …

…MFA token is expired or invalid. Multi-factor authentication (MFA) will try to use the passcode from the connection string if available; otherwise, send a Duo push notification to try to authenticate again; if it fails, the token will be removed.
snowflakedb · Oct 19, 2024 · 5d32b9c · 5d32b9c
1 parent d199909
commit 5d32b9c
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 6 deletions.
diff --git a/Snowflake.Data/Core/SFError.cs b/Snowflake.Data/Core/SFError.cs
@@ -3,6 +3,8 @@
  */
 
 using System;
+using System.Collections.Generic;
+using System.Linq;
 
 namespace Snowflake.Data.Core
 {
@@ -88,14 +90,43 @@ public enum SFError
         [SFErrorAttr(errorCode = 270060)]
         INCONSISTENT_RESULT_ERROR,
 
-        [SFErrorAttr(errorCode = 390127)]
-        EXT_AUTHN_INVALID,
-
         [SFErrorAttr(errorCode = 270061)]
         STRUCTURED_TYPE_READ_ERROR,
 
         [SFErrorAttr(errorCode = 270062)]
-        STRUCTURED_TYPE_READ_DETAILED_ERROR
+        STRUCTURED_TYPE_READ_DETAILED_ERROR,
+
+        [SFErrorAttr(errorCode = 390120)]
+        EXT_AUTHN_DENIED,
+
+        [SFErrorAttr(errorCode = 390123)]
+        EXT_AUTHN_LOCKED,
+
+        [SFErrorAttr(errorCode = 390126)]
+        EXT_AUTHN_TIMEOUT,
+
+        [SFErrorAttr(errorCode = 390127)]
+        EXT_AUTHN_INVALID,
+
+        [SFErrorAttr(errorCode = 390129)]
+        EXT_AUTHN_EXCEPTION,
+    }
+
+    class SFMFATokenErrors
+    {
+        private static List<SFError> InvalidMFATokenErrors = new List<SFError>
+        {
+            SFError.EXT_AUTHN_DENIED,
+            SFError.EXT_AUTHN_LOCKED,
+            SFError.EXT_AUTHN_TIMEOUT,
+            SFError.EXT_AUTHN_INVALID,
+            SFError.EXT_AUTHN_EXCEPTION
+        };
+
+        public static bool IsInvalidMFATokenContinueError(int error)
+        {
+            return InvalidMFATokenErrors.Any(e => e.GetAttribute<SFErrorAttr>().errorCode == error);
+        }
     }
 
     class SFErrorAttr : Attribute

diff --git a/Snowflake.Data/Core/Session/SFSession.cs b/Snowflake.Data/Core/Session/SFSession.cs
@@ -139,9 +139,9 @@ internal void ProcessLoginResponse(LoginResponse authnResponse)
                     "");
 
                 logger.Error("Authentication failed", e);
-                if (e.ErrorCode == SFError.EXT_AUTHN_INVALID.GetAttribute<SFErrorAttr>().errorCode)
+                if (SFMFATokenErrors.IsInvalidMFATokenContinueError(e.ErrorCode))
                 {
-                    logger.Info("MFA Token has expired or not valid.", e);
+                    logger.Info($"Unable to use cached MFA token is expired or invalid. Fails with the {e.Message}. ", e);
                     _mfaToken = null;
                     var mfaKey = SnowflakeCredentialManagerFactory.BuildCredentialKey(properties[SFSessionProperty.HOST], properties[SFSessionProperty.USER], TokenType.MFAToken, properties[SFSessionProperty.AUTHENTICATOR]);
                     SnowflakeCredentialManagerFactory.GetCredentialManager().RemoveCredentials(mfaKey);