Add support for viewer-based Databricks & Snowflake credentials

[atheriel]

This commit expands the databricks() and snowflake() helpers to support the viewer-based OAuth credentials recently introduced in Posit Connect.

It is designed to support writing Shiny apps that take the following form:

library(shiny)

ui <- fluidPage(textOutput("user"))

server <- function(input, output, session) {
  conn <- reactive({
    pool::dbPool(odbc::snowflake(), session = session)
  })

  output$user <- renderText({
    res <- DBI::dbGetQuery(conn(), "SELECT CURRENT_USER()")
    res[[1]]
  })
}

shinyApp(ui = ui, server = server)

Checks for viewer-based credentials are designed to fall back gracefully to existing authentication methods. This is intended to allow users to -- for example -- develop and test a Shiny app that uses Databricks or Snowflake credentials in desktop RStudio or Posit Workbench and deploy it with no code changes to Connect.

In addition, making the caller pass a session argument (rather than just detecting, for example, if we're in a Shiny server context) is very intentional: it makes them express that they want viewer-based credentials, as opposed to using shared credentials for all viewers. It seems likely to reduce the number of cases where publisher credentials are used unexpectedly.

Internally we implement the raw HTTP calls to make the token exchange with Connect to avoid taking a dependency on the connectapi package.

Unfortunately, there are no new tests for this change; it's pretty hard to emulate what Connect is doing here without extensive mocking.

[hadley]

Is there some place that this will get an integration test?

[hadley]

Should we emit something here? Seems like it would be useful to know when you've opted-in and it's not working. (And it wouldn't be too annoying to see that message when running locally.)

[atheriel]

Modified this so you see the following when running locally:

! Ignoring `sesssion` parameter.
ℹ Viewer-based credentials are only available when running on Connect.

[atheriel]

FWIW I ran the general user-facing API design by @jcheng5 in some depth yesterday and he was on board.

[hadley]

LGTM. Feel free to squash-merge when you're done.

[tnederlof]

I got a chance to test this @atheriel, and it worked as expected. This is such a nice improvement! I will outline my experience below:

Snowflake

With the following code in my app:

dbPool(
  odbc::snowflake(),
  warehouse = "DEFAULT_WH",
  database = "<DB_NAME_HERE>",
  schema = "PUBLIC",
  account = "<ACCOUNT_HERE>"
)

Running on Workbench works with no extra messages and the app deploys successfully to Connect but the data pull fails with this in the logs:

Error in DBI::dbConnect() : 
  ✖ Failed to detect ambient Snowflake credentials.
ℹ Supply `uid` and `pwd` to authenticate manually.

Changing the code to:

dbPool(
  odbc::snowflake(),
  warehouse = "DEFAULT_WH",
  database = "<DB_NAME_HERE>",
  schema = "PUBLIC",
  account = "<ACCOUNT_HERE>",
  session = session
)

Runs on Workbench successfully with the expected message:

! Ignoring `sesssion` parameter.
ℹ Viewer-based credentials are only available when running on Connect.

It publishes successfully to Connect, and with the OAuth integration assigned and the user logged in, the data displays as expected.

Databricks

With the following code in my app:

dbPool(
  odbc::databricks(),
  httpPath = Sys.getenv("DATABRICKS_PATH")
)

Running on Workbench works with no extra messages and the app deploys successfully to Connect but the data pull fails with this in the logs:

Error in DBI::dbConnect() : 
  ✖ Failed to detect ambient Databricks credentials.
ℹ Supply `uid` and `pwd` to authenticate manually.

Changing the code to:

dbPool(
  odbc::databricks(),
  httpPath = Sys.getenv("DATABRICKS_PATH"),
  session = session
)

Runs on Workbench successfully with the expected message:

! Ignoring `sesssion` parameter.
ℹ Viewer-based credentials are only available when running on Connect.

It publishes successfully to Connect, and with the OAuth integration assigned and the user logged in, the data displays as expected.

[hadley]

Can we detect if we're running connect and/or workbench and add an extra hint to the error?

Error in DBI::dbConnect() : 
✖ Failed to detect ambient Snowflake credentials.
ℹ Supply `uid` and `pwd` to authenticate manually.
ℹ Or pass `session = session` for viewer-based credentials

[tnederlof]

I like adding that to make users aware especially if they accidentally omit session since they won't be used to passing it before.

I have seen the Connect team use if (Sys.getenv("RSTUDIO_PRODUCT") == "CONNECT") {} to check if code is running on Connect, that might be better than the current method of checking for the presence of CONNECT_SERVER or CONNECT_API_KEY because while those are automatically set when running on Connect, they are commonly set in sessions on desktop and Workbench when using connectapi or when making direct API calls.

[atheriel]

Pushed a bunch of unit tests to cover the new errors and info conditions. We now also hint about viewer-based credentials on Connect, and are more careful about what "running on Connect" means:

! Failed to detect ambient Snowflake credentials.
i Supply `uid` and `pwd` to authenticate manually.
i Or pass `session` for viewer-based credentials. <-- shown only on Connect

With Trevor's testing I now consider this safe enough to merge.