Add support for 'externalbrowser' authentication

[atheriel]

This commit adds the machinery to support the "externalbrowser" authenticator, which is an interactive sign-in flow for users with access to a local browser. It includes session caching, which is a nice ergonomic improvement for repeated calls.

(The underlying protocol is completely bespoke to Snowflake so it took me a little while to get it actually working.)

You can test it as follows:

snowflake_connection(
  account = <account>
  user = <username>,
  authenticator = "externalbrowser"
) |> snowflake_credentials()

This should open a browser window to the account's SSO provider.

Unfortunately this is all highly interactive code, so there is not much to unit test.

[aronatkins]

I have successfully authenticated from an R/RStudio session outside Snowflake into a Snowflake-hosted Connect instance using a connection having authenticator = "externalbrowser".

rsconnect::connectSPCSUser(server="NAME", apiKey="KEY", snowflakeConnectionName = "CON")

I have not tested within Snowflake.

[atheriel]

Within Snowflake you'll get an error from this package that externalbrowser auth isn't supported (because you can't redirect to a localhost server). This is the same pattern we use in httr2 and httr for OAuth flows, so it shouldn't be too surprising to R users.

[edavidaja]

Okta does not seem to like the shape of whatever SAML request is getting created:

[atheriel]

@edavidaja Any chance you're trying this from Positron or VS Code and not RStudio? I'm pretty sure I found a bug in how they handle browseURL() in the course of this.

[edavidaja]

I think it's probably worth noting somewhere that we don't expect this to work in Positron / VS Code or documenting the workaround. Maybe just the readme if we expect that subsequent changes there will resolve the issue.

[atheriel]

Added a note to the README.