I’m not sure if that’s possible anymore. The actual token used to be stored in the EmailToken token field, but the token field has been dropped. Now only a hashed value of the token is saved in the token_hash field.
If I’m understanding things correctly, the only way to get the actual token is from the confirmation link that’s in the email that’s sent to a user to confirm their new email address.