cache passcode for python snowflake connector


To connect with my Snowflake db, I authenticate using a passcode (with Duo) since MFA is enabled.

import snowflake.connector

con = snowflake.connector.connect(
    user='',
    password='',
    account='',
    warehouse='',
    database='',
    schema='',
    passcode='011415'  # one-time Duo passcode, has to be replaced on every run
)

However, every time I want to run my Python script, I need to refresh the passcode from the Duo app and re-enter the new one in the script.

Is there any way I can avoid repeating the step every time? Can the passcode be cached?

For example, when I use DBeaver, it sends a notification to my Duo app and once I approve it, I don't need to re-authenticate there for the next 24 hours, unless I turn off the computer of course.


There are 2 best solutions below

0
On

I was looking for an answer as well, if anyone is looking for it in the future.

This solution is not in the official doc, but you can use client_request_mfa_token. DBT uses the same kind of pattern for their snowflake connector.

Note that as per the doc, you have a 4 hour caching period max.

With certain Snowflake-provided clients, you can cache MFA tokens for up to four hours. For more information, see Using MFA Token Caching to Minimize the Number of Prompts During Authentication — Optional.

import snowflake.connector

kwargs = {
    "authenticator": "externalbrowser",
    # ask the server for an MFA token that the client can cache
    "client_request_mfa_token": True,
    # ...
}
with snowflake.connector.connect(**kwargs):
    pass


0
On

Python Connector - Using Multi-Factor Authentication (MFA)

Snowflake supports caching MFA tokens, including combining MFA token caching with SSO.

Using MFA Token Caching to Minimize the Number of Prompts During Authentication — Optional

MFA token caching can help to reduce the number of prompts that must be acknowledged while connecting and authenticating to Snowflake, especially when multiple connection attempts are made within a relatively short time interval.

A cached MFA token is valid for up to four hours.
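The caching setup both answers point to, written out for the password-plus-Duo login from the question; this is an added example, not code from either answer or from Snowflake's documentation. It assumes the account has `ALLOW_CLIENT_MFA_CACHING` enabled; the `SNOWFLAKE_*` environment variable names and the function names are hypothetical, chosen for this sketch.

```python
import os
import stat
from pathlib import Path

# Hypothetical environment variable names, chosen for this example.
REQUIRED = ("SNOWFLAKE_ACCOUNT", "SNOWFLAKE_USER", "SNOWFLAKE_PASSWORD")


def mfa_cached_connect_args(env=os.environ):
    """Build connect() arguments that request a cacheable MFA token."""
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:
        raise KeyError("missing settings: " + ", ".join(missing))
    return {
        "account": env["SNOWFLAKE_ACCOUNT"],
        "user": env["SNOWFLAKE_USER"],
        # Read the password at run time instead of hard-coding it in the script.
        "password": env["SNOWFLAKE_PASSWORD"],
        # Password + MFA login; with no 'passcode' given, Duo sends a push.
        "authenticator": "username_password_mfa",
        # Ask the server for an MFA token the connector can cache and reuse.
        "client_request_mfa_token": True,
    }


def cache_file_is_exposed(path):
    """Return True if a token cache file is accessible to group or others."""
    mode = Path(path).stat().st_mode
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))


def connect(env=os.environ):
    # Imported lazily so the helpers above work without the connector installed.
    import snowflake.connector
    return snowflake.connector.connect(**mfa_cached_connect_args(env))


if __name__ == "__main__":
    # First run triggers one Duo prompt; later runs reuse the cached token
    # until it expires (up to four hours, per the documentation quoted above).
    with connect() as con:
        print(con.cursor().execute("SELECT CURRENT_USER()").fetchone())
```

On macOS and Windows the token is kept in the OS keystore, which needs the `snowflake-connector-python[secure-local-storage]` extra. On Linux the connector writes it to a local file whose location depends on the connector version, and `cache_file_is_exposed` can be pointed at that file to confirm only the owner can read it.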