Skip to content

Introduce api-key to SPCS requests using the X-RSC-Authorization header #715

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Introduce api-key to SPCS requests using the X-RSC-Authorization header #715

wants to merge 1 commit into from

Conversation

@costrouc
Copy link

@costrouc costrouc commented Oct 24, 2025
edited
Loading

Intent

This commit is mainly meant as an example to complement changes in how we will be performing authentication within the Snowflake Posit Team Native Application. When / if that PR of work for OIDC goes through this will serve as a good example of how it can be supported in the rsconnect* packages. Posit Connect supports alternate headers for authorization https://docs.posit.co/connect/admin/authentication/proxied/#api-use.

I think this PR also highlights the importance of OIDC device flow authentication which is supported in PPM
https://packagemanager.rstudio.com/__docs__/admin/appendix//cli/rspm_login_sso.html which would again eliminate the need for an api key which this PR reintroduces for SPCS.

Going to put this PR in draft and will contribute more and make it a real after I share this with our team tomorrow at standup. Right now these are the minimal changes to make this work.

Example

(.venv) costrouc@puffin:~/p/posit-dev/rsconnect-python$ rsconnect add --server https://abcdefghijklmnop-org-account.snowflakecomputing.app/ --snowflake-connection-name myconnection --name dev-test --api-key X8iPx.....ZVPxSk
Checking Posit Connect (SPCS) credential...      [OK]
Updated Posit Connect (SPCS) credential "dev-test".

Type of Change

  • Bug Fix
  • New Feature
  • Breaking Change (this changes how SPCS rsconnect authentication is performed)

Approach

Automated Tests

Directions for Reviewers

Checklist

  • I have updated CHANGELOG.md to cover notable changes.
  • I have updated all related GitHub issues to reflect their current state.

@costrouc
Minimal bits to make Snowflake SPCS OIDC authentication work
9a6bacf 
This commit is mainly meant as an example to complement changes in how
we will be performing authentication within the Snowflake Posit Team
Native Application. When / if that PR of work for OIDC goes through
this will serve as a good example of how it can be supported.

I think this PR also highlights the importance of OIDC device flow
authentication which is supported in PPM
https://packagemanager.rstudio.com/__docs__/admin/appendix//cli/rspm_login_sso.html
which would again eliminate the need for an api key.

I REALLY like how this package uses the snow command to generate the
jwt used for snowflake ingress as this means our Posit libraries don't
have to re-implement the snowflake authentication.

Going to put this PR in draft and will contribute more after I share
this with our team tomorrow at Standup.
@costrouc costrouc marked this pull request as draft October 24, 2025 04:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@costrouc