Closed kachely26 closed 1 week ago
If you're using the msodbcsql (17 or 18) driver you can give it the access token directly: https://learn.microsoft.com/en-us/sql/connect/odbc/using-azure-active-directory#authenticating-with-an-access-token
Hey @v-chojas - Would this be the same issue as documented in the wiki here
making this a duplicate of #228 ?
@gordthompson I wouldn't call this a duplicate without knowing more details about what the OP is trying to accomplish ("federated credentials" is vague and can refer to various things) or indeed if this is the msodbcsql driver being used.
Thank you so much @v-chojas and @gordthompson!
I think this is what I want https://github.com/mkleehammer/pyodbc/wiki/Tips-and-Tricks-by-Database-Platform#authenticate-using-an-access-token-from-azure-active-directory
Besides, when I use access token, should I set the connection as something like below?
Driver={ODBC Driver 18 for SQL Server};Server={server};Authentication=ActiveDirectoryIntegrated;Encrypt=yes;
?
Which Authentication type should I use for access token authentication?
Should I set the token when calling connect function? Is it possible to set it in the connection string?
conn = pyodbc.connect(connstr, attrs_before = { 1256:bytearray(tokenstruct) })
Do not specify authentication mode when using access token. https://learn.microsoft.com/en-us/sql/connect/odbc/using-azure-active-directory?view=sql-server-ver16#authenticating-with-an-access-token
I got the access token from
Does the access token a correct one?
I see it returns me Login failed for user \'<token-identified principal>\'. The server is not currently configured to accept this token. (18456) (SQLDriverConnect)")\n(Background on this error at: http://sqlalche.me/e/13/rvf5)
Could you provide some insights here?
You need to add the corresponding account on the server with CREATE USER ... FROM EXTERNAL PROVIDER
Please first make sure you have looked at:
Environment
To diagnose, we usually need to know the following, including version numbers. On Windows, be sure to specify 32-bit Python or 64-bit:
Issue
Due to security issue, I cannot use clientid + secret when I use service principal as the authentication method. Then how can I use federated credentials to do the authentication? Thank you!
Often it is easiest to describe your issue as "expected behavior" and "observed behavior".