 |
| Python script connecting to Db2 with JWT |
Have the right Db2 client version
Token authentication was introduced in Db2 11.5 Mod Pack 4 ("11.5.4"). In order to successfully connect using a JWT you need to be on a recent client level. Thus, I had to install the 11.5 Mod Pack 5 fixpack. If you are not on the required client level, the additional keywords are not recognized and you will see error messages such as "password missing" (SQL30082N, RC 3).
Know the right keywords
The Db2 documentation has all the required information on how to make use of token authentication - but not in a single place. Thus, it required some search and mentally piecing it together. A good source was the list of Db2 CLI / ODBC configuration keywords. With that I was able to answer my question on how to connect using the ibm_db Python driver. I had to pass the following keywords:
- AUTHENTICATION=TOKEN
- ACCESSTOKENTYPE=JWT
- ACCESSTOKEN=the actual JWT value
Sample script:
#!/usr/bin/python3
import ibm_db, os
# get token from environment
TOKEN=os.getenv("TOKEN","invalid")
connstring="""DATABASE=testdb;HOSTNAME=localhost;PORT=50000;
AUTHENTICATION=TOKEN;ACCESSTOKEN={};ACCESSTOKENTYPE=JWT""".format(TOKEN)
conn=ibm_db.connect(connstring,'','')
if conn:
print ("Connection succeeded.")
ibm_db.close(conn)
else:
print("failed") As you can see, I am not passing in any user ID or password, but the set AUTHENTICATION to TOKEN. In addition, similar to the command line example, I pass in the token type and the actual token. Because the Db2 open source drivers all depend on the CLI / ODBC driver, configuration for Node.js, Golang, Ruby and Rust is similar.
If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.