An authentication token is an encrypted string that contains access information for a specific database user. The use of a token provides an alternative login mechanism that hides plain-text user names and passwords. Sessions created by token-based authentication are identical to those created with regular password-based authentication. The sessions have identical privileges and no limitation on the number of sessions.

Token-based authentication is possible with ODBC and JDBC interfaces. solidDB API (SA) and HTTP SQL interfaces are not supported.

The server creates an encryption key that is used to encrypt a user name and password in the token. All users have their own unique authentication token.

Token encryption can be done by using either built-in DES encryption or OpenSSL encryption but the server and the client must use the same encryption. OpenSSL encryption is used if available, otherwise DES encryption is used.

Token-based authentication uses a static key for symmetrical password encryption.

The authentication token can be saved to a file or used as a string. Token-based authentication should not be considered as a communication or database encryption mechanism.

A token is created for each database user individually by executing the DESCRIBE SQL statement with the CREDENTIALS option, see DESCRIBE. The statement has to be executed in a session opened by the user who will use the token; the database administrator can not create tokens for other users.

After the token is created, the token is invalidated by only the following actions:

There is no time-based expiration in solidDB access tokens.