Duo Mobile MFA authentication gets triggered 6 times at once

[thomasaarholt]

Hello!

With Snowflake we are using the Duo Mobile multi-factor authentication service. It pings my phone with an Accept/Deny message. Acceptance is cached for 6 hours.

When I use the Wizard extension, Duo Mobile is triggered six times at once. This will happen again for me in about 4 hours, since this happened 2 hours ago (and has been happening since I started using the extension a while back). I think this would be prevented if Wizard did one connection to dbt / snowflake, and once that is successful, it does the next five.

[pgrivachev]

Hey @thomasaarholt!

Do you use User / Password + DUO MFA authentication method and specify authenticator: username_password_mfa in your profiles.yml? The issue might be that we don't use the 'authenticator' value in the Snowflake client within the extension. I'm trying to understand the expected value for this field.

[thomasaarholt]

I've actually been using authenticator: externalbrowser, but I can actually use that or username_password_mfa. And yes, specified in profiles.yml.

One of our engineers suggested that the multiple number of Duo requests might be due to running dbt on multiple threads?

[pgrivachev]

@thomasaarholt
We use the dbt CLI to run dbt commands. If you don't encounter any issues when running dbt in the terminal, we should also be fine running it from the extension. Additionally, we call the Snowflake API multiple times to fetch source schemas, for example.

I've made a change in the Snowflake API client configuration in v0.33.1 to address this issue. Can you please test it on your end and let me know how it performs?

[thomasaarholt]

With authenticator: username_password_mfa I had perfect behaviour now, only one MFA request!

I'll try again after the token timeout tomorrow morning (europe time here) with the externalbrowser one.

Thank you very much!

[thomasaarholt]

Aii, I spoke to soon. I got one MFA request, accepted that one, wrote this message. Then I opened command + Tab'd back into VSCode, and I got another 4 notifications immediately.

[thomasaarholt]

I can also add that I'm seeing this message now and then: dbt compile timeout exceededWizard for dbt Core (TM), but its probably unrelated to this. It is only there for a few minutes now and then.

[pgrivachev]

Aii, I spoke to soon. I got one MFA request, accepted that one, wrote this message. Then I opened command + Tab'd back into VSCode, and I got another 4 notifications immediately.

Thank you for checking it. I will continue working on this issue.

[pgrivachev]

Hi @thomasaarholt! In v0.33.2 I prevented concurrent connection attempts to Snowflake. Could you please check it on your side with MFA and let me know if this helps?

[thomasaarholt]

Just updated, and it unfortunately still triggered 6 simultaneous notifications.