Login failed for user '<token-identified principal>'

Environment

Python: 64-bit
pyodbc: 4.0.30
OS: Windows
DB: SQL Server
driver: ODBC Driver 17 for SQL Server

Issue

Expected behavior

Establish a connection to SQL Server database.

Observed behavior

Getting an error that I don’t have permission, when I can connect and run basic queries in MSSMS. Only thing I can think of is that there needs to be some sort of permissions thing done on the backend, but it doesn’t make sense that it worked through SQL Server but not pyodbc.

Authentication:

Basic Query:

Code

import pyodbc

server = 'my_server.database.windows.net' 
database = 'my_db' 
username = '{me@gmail.com}'

cnxn = pyodbc.connect('DRIVER={ODBC Driver 17 for SQL Server};SERVER='+server+';DATABASE='+database+';UID='+username + '; AUTHENTICATION=ActiveDirectoryInteractive')

Error

InterfaceError: ('28000', "[28000] [Microsoft][ODBC Driver 17 for SQL Server][SQL Server]Login failed for user '<token-identified principal>'. (18456) (SQLDriverConnect); [28000] [Microsoft][ODBC Driver 17 for SQL Server][SQL Server]Login failed for user '<token-identified principal>'. (18456)")

Issue Analytics

State:
Created 3 years ago
Comments:10 (6 by maintainers)

Top GitHub Comments

1reaction

v-chojascommented, Jul 23, 2020

Just to be sure, you are using the same credentials when you run the Python as you did in the successful DSN test above?

The way the AzureAD authentication to SQL works is that it authenticates to AAD first to get an access token, and then submits that token to SQL during login. What your symptoms show is that in both cases the authentication is successful, but in one case the server rejects the access token.

You could also try to remove the Database from the connection string in Python, and let Azure connect you to th

0reactions

stevenhurwittcommented, Jul 23, 2020

Thanks so much, that did it! Closing issue now.

EDIT: i’m an idiot - was using DATABASE=database.obj.table instead of DATABASE=database… wow*