SNOW-2231888 Add log about using plain HTTP in OAuth

CHANGELOG.md

@@ -1,6 +1,9 @@
 #### For all official JDBC Release Notes please refer to https://docs.snowflake.com/en/release-notes/clients-drivers/jdbc
 
 # Changelog
+- Upcoming release
+    - Added warning about using plain HTTP OAuth endpoints (snowflakedb/snowflake-jdbc#2556).
+
 - v4.0.2
     - Fix expired session token renewal when polling results (snowflakedb/snowflake-jdbc#2489)   
     - Fix missing minicore async initialization that was dropped during public API restructuring in v4.0.0

src/main/java/net/snowflake/client/internal/core/auth/oauth/OAuthUtil.java

@@ -33,9 +33,16 @@ static URI getTokenRequestUrl(SFOauthLoginInput oauthLoginInput, String serverUr
         !isNullOrEmpty(oauthLoginInput.getTokenRequestUrl())
             ? URI.create(oauthLoginInput.getTokenRequestUrl())
             : URI.create(serverUrl + SNOWFLAKE_TOKEN_REQUEST_ENDPOINT);
+    logIfHttpInUse(uri);
     return uri.normalize();
   }
 
+  private static void logIfHttpInUse(URI uri) {
+    if (uri.getScheme().equalsIgnoreCase("http")) {
+      logger.warn("OAuth URL uses insecure HTTP protocol: {}", uri);
+    }
+  }
+
   static HttpRequestBase convertToBaseRequest(HTTPRequest request) {
     HttpPost baseRequest = new HttpPost(request.getURI());
     baseRequest.setEntity(new StringEntity(request.getBody(), StandardCharsets.UTF_8));
@@ -50,6 +57,7 @@ static URI getAuthorizationUrl(SFOauthLoginInput oauthLoginInput, String serverU
         !isNullOrEmpty(oauthLoginInput.getAuthorizationUrl())
             ? URI.create(oauthLoginInput.getAuthorizationUrl())
             : URI.create(serverUrl + SNOWFLAKE_AUTHORIZE_ENDPOINT);
+    logIfHttpInUse(uri);
     return uri.normalize();
   }