Build a JWT from the User Inputs | Teradata Data Copy - Build a JWT From the User Inputs - Teradata VantageCloud Lake

Lake - Manage and Move Data
Deployment
VantageCloud
Edition
Lake
Product
Teradata VantageCloud Lake
Release Number
Published
February 2025
ft:locale
en-US
ft:lastEdition
2025-05-16
dita:mapPath
atx1683670417382.ditamap
dita:ditavalPath
pny1626732985837.ditaval
dita:id
atx1683670417382
  1. Use the following script to generate a JWT. Modify the variables in the script as needed.
    import jwt
import datetime
# Personal access token
PAT = "pz87ADn8DtK4nJipWs0UjITGjeCA"
# Database user
USER = "demo"
# Key name from UI
KEY_NAME = "demorsakey"
# Org ID
ORG_ID = "dataresiliency"
# JWT header
header = {
    "alg": "RS256",
    "kid": KEY_NAME,
    "typ": "JWT"
}
# JWT payload
iat_v = datetime.datetime.now(datetime.timezone.utc)
exp_v = iat_v + datetime.timedelta(hours=12)
payload = {
    "aud": ["td:service:authentication"],
    "exp": exp_v,
    "iat": iat_v,
    "iss": "wiki",
    "org_id": ORG_ID,
    "multi-use": True,
    "pat": PAT,
    "sub": USER
}
# Sign the JWT
with open(f"{KEY_NAME}.pem", "r") as key_file:
    private_key = key_file.read()
jwt_token = jwt.encode(payload, private_key, algorithm="RS256", headers=header)
# Print the JWT
print(f"JWT: {jwt_token}")

    The following are the variables:

    Variable Description Example
    PAT The personal access token (PAT) that you have created in the previous step. qz87W1GcSwHLK6IvQVH2Q
    USER The database user having access to the CCPUI. demo
    KEY_NAME The name of the key created in the previous step. demorsakey
    ORG_ID The organization ID of the CCPUI. dataresiliency
  2. Copy the pem file (demorsakey.pem) created in earlier step to the same dir as the script.
  3. After updating the variables in the script, use python to run it:
    Ensure you have the cryptography and pyjwt python libraries to run this script. If not available, install them using:
    pip install cryptography
pip install pyjwt
python gen-jwt.py
  4. Upon successful execution, you'll see a response similar to:
    JWT:  ewogICJhbGciOiAiUlMyNTYiL...V5m60MTHYy9n5B7R-7SoE
  5. Use the JWT to verify you can access the CCPUI. Replace the URL and other parameters as required.
    curl --location 'https://<path>/api/my-organization'
 --header 'Accept: application/json' --header "Authorization: Bearer ewogICJhbGciOiAiUlMyNTYiL...V5m60MTHYy9n5B7R-7SoE"
  6. If the JWT is valid, you'll see an output similar to:
      "description": "data resiliency development org",
  "domain_name": "dataresiliency",
  "id": "b678b7c2-fd11-40f8-b494-23dfa8f528d1",
  "name": "Data Resiliency Development",
  "private_pods": true,
  "idp_enabled": false,
  "erp": "8888000000003",
  "bank_name": "DATABK",
  "regions": [
    "us-west-2"
  ],
  "platform": "aws",
  "operating_mode": "production",
  "activation_state": "active"
}