Configuring token authentication in a Db2 client

You can replace user names and passwords with tokens for authenticating clients at the Db2 server.

Before you begin

Ensure that TOKEN support is enabled at the Db2® server. Currently, the only token type supported by the Db2 server is the JSON Web Token (JWT).

About this task

Tokens encapsulate both the identity of the user and proof of that identity. Tokens are generated outside of Db2 and passed as input in the connect statement.

You can connect to the Db2 server from the following sources:
  • An embedded SQL statement.
  • The Db2 Command Line Processor (CLP).
  • An ODBC/CLI client.
  • A JDBC client.

Procedure

Establish token authentication using the procedure that matches your connection method.

Embedded SQL and the Command Line Processor

Specify the ACCESSTOKEN and ACCESSTOKENTYPE parameters in the connect statement:

    $ db2 connect to sample accesstoken <access_token> accesstokentype jwt

       Database Connection Information

     Database server        = DB2/LINUXX8664 11.5.5.0
     SQL authorization ID   = NEWTON
     Local database alias   = SAMPLE

CLI/ODBC clients

Specify the accesstoken and accesstokentype parameters in the connection string:

    accesstoken=<access_token>;accesstokentype=jwt;

Note: These parameters cannot be specified in the db2cli.ini or db2dsdriver.cfg configuration files.
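
Added example, not part of the IBM documentation: a Python pre-flight check that decodes the JWT's claims without verifying them, rejects a malformed or expired token, and builds the accesstoken/accesstokentype fragment for a CLI/ODBC connection string. The function names, the 30-second margin, the database=sample keyword and the sample token are assumptions constructed for illustration.

```python
import base64, json, re, time

# Compact JWT: three base64url segments. Anything else (';', '=', spaces)
# could smuggle extra keywords into the connection string.
_COMPACT_JWT = re.compile(r"[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")

def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying it; the Db2 server validates."""
    if not _COMPACT_JWT.fullmatch(token):
        raise ValueError("not a compact JWT")
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)      # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def token_keywords(token, now=None, min_lifetime=30):
    """Return the accesstoken/accesstokentype fragment for a CLI/ODBC string."""
    claims = jwt_claims(token)
    now = time.time() if now is None else now
    exp = claims.get("exp")                   # optional claim (RFC 7519)
    if exp is not None and exp - now < min_lifetime:
        raise ValueError("token expired or about to expire; request a new one")
    return f"accesstoken={token};accesstokentype=jwt;"

def redact(conn_str):
    """Mask the token so the connection string can be logged."""
    return re.sub(r"(?i)(accesstoken=)[^;]*", r"\1<redacted>", conn_str)

def sample_token(exp):
    """Constructed, unsigned token for the demo; the signature is a dummy."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    header = enc({"alg": "RS256", "typ": "JWT"})
    body = enc({"sub": "newton", "exp": exp})  # constructed claims
    return f"{header}.{body}.c2ln"

if __name__ == "__main__":
    tok = sample_token(int(time.time()) + 3600)
    conn = "database=sample;" + token_keywords(tok)   # constructed base string
    print(redact(conn))
```

The check is advisory only: the signature is not verified on the client, and the Db2 server remains the authority on whether the token is accepted.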

JDBC clients

  1. Use the setSecurityMechanism, setAccessToken and setAccessTokenType methods of a Db2 data source object:

     // Requires: import com.ibm.db2.jcc.DB2SimpleDataSource;
     DB2SimpleDataSource dataSource = new DB2SimpleDataSource();
     dataSource.setSecurityMechanism(com.ibm.db2.jcc.DB2BaseDataSource.TOKEN_SECURITY);
     dataSource.setAccessToken("access-token");
     dataSource.setAccessTokenType("JWT");

  2. Specify the securityMechanism, accessToken and accessTokenType parameters in a JDBC URL:

     // Requires: import java.sql.Connection; import java.sql.DriverManager;
     // securityMechanism=19 is the numeric value of TOKEN_SECURITY.
     Connection conn = DriverManager.getConnection(
         "jdbc:db2://host-name-or-IP-address:50001/BLUDB:"
         + "accessToken=access-token;accessTokenType=JWT;"
         + "securityMechanism=19;sslConnection=true;");