SameerMesiah97 opened a new pull request, #60027: URL: https://github.com/apache/airflow/pull/60027
**Description** Refactor OAuth token handling in `SnowflakeHook` to ensure expired access tokens are refreshed for long-running tasks. Connection resolution has been split into static and dynamic layers by introducing a cached `_get_static_conn_params` and a dynamic `_get_conn_params` property that resolves OAuth tokens at access time. OAuth token request logic is centralized in a new internal helper, `_get_valid_oauth_token`, which validates cached tokens and refreshes them on expiry. Both `get_oauth_token` and `_get_conn_params` now delegate token resolution to `_get_valid_oauth_token`, ensuring consistent behavior and preventing reuse of expired tokens. **Rationale** OAuth access tokens are time-bound credentials and should not be cached alongside static connection configuration. Previously, caching connection parameters caused expired tokens to be reused within long-running tasks, even when valid refresh credentials were available. By separating static connection parameters from token resolution and revalidating tokens at access time, the hook now handles both short- and long-running workloads correctly without sacrificing the benefits of caching immutable configuration. **Tests** - Added a unit test covering the refresh-token flow that simulates token expiry in a long-running task and verifies that expired tokens are refreshed while static connection parameters remain unchanged. - Updated existing mocks to include `expires_in` so token expiry timestamps can be computed correctly, and adjusted tests to account for the newly added OAuth token request timeout. **Notes** - Removed a cyclical call relationship between `get_oauth_token` and `_get_conn_params` by centralizing token validation and refresh logic in `_get_valid_oauth_token`. - Added a 30-second timeout (refer to `OAUTH_REQUEST_TIMEOUT`) to OAuth token requests to prevent tasks from hanging indefinitely when the token endpoint does not respond. Closes: #60023 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
