Got an error when using IdpTokenAuthPlugin + AWS Identity Center to access Redshift
When I followed this document https://docs.amazonaws.cn/en_us/redshift/latest/mgmt/jdbc20-configuration-options.html#jdbc20-plugin_name-option to connect to Redshift with IdpTokenAuthPlugin, I got an error: "Invalid scope. User's credentials are not authorized to connect to Redshift." I have already assigned the IDC user/group to the Redshift Identity Center managed application, and I can successfully connect with Redshift query editor v2, but it failed with a JDBC client or Python script when using IdpTokenAuthPlugin.
My test steps were:
Call the create_token() API to get the access token.
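
    import boto3

    # create_token() is an IAM Identity Center OIDC API; the client setup was
    # not shown in the post, so the 'sso-oidc' client here is an assumption.
    client = boto3.client('sso-oidc')

    # Exchange the refresh token for a new access token.
    response = client.create_token(
        clientId='$$$',
        clientSecret='$$$',
        grantType='refresh_token',
        refreshToken='$$$',
        scope=[
            'sso:account:access'
        ]
    )
    access_tk = response['accessToken']
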
In this step I could successfully get the access token.
Then connect to Redshift with IdpTokenAuthPlugin + access token:

    import redshift_connector

    # Pass the Identity Center access token to the IdpTokenAuthPlugin.
    conn = redshift_connector.connect(
        host='$$$.redshift-serverless.amazonaws.com',
        database='dev',
        serverless_acct_id='$$$',
        serverless_work_group='$$$',
        region='$$$',
        identity_namespace='AWSIDC',
        credentials_provider='IdpTokenAuthPlugin',
        token=access_tk,
        token_type='ACCESS_TOKEN',
        db_user='$$$'
    )

This step gets the above error.