Studio

Token Management

Updated: January 6, 2020

As a commitment to an always improved security, Nuxeo Online Services delegates authentication to Okta. This allows us to secure it in an advanced way, and provide additional security options.

The counterpart is that whenever using commands in our clients and APIs that require authentication, your password can't be used. Nuxeo Online Services needs an alternative way for you to authenticate: that's when you should use a token.

Future Change
Tokens will become the mandatory way to authenticate for all our tools and APIs. We strongly recommend doing the switch as soon as possible to prevent any breakage in the future.

What is a Token

A token is a randomly generated text that can be used as a replacement for your password when authenticating to our services. It is meant to be used as a replacement for your password in all places where you would need to write down your password, but would rather avoid to disclose it: for instance in configuration files.

When to Use a Token

Tokens need to be used as a replacement for your password in Nuxeo Online Services APIs and our command line tools:

Tokens are only used for command-line tools and APIs. You still need to use your password as usual when you log in to Nuxeo Online Services in your browser, for instance when accessing Nuxeo Studio.

Creating a Token

To generate a token:

  1. Login to Nuxeo Online Services,
  2. Visit the My Tokens tab,
  3. Create your token using the corresponding button and provide a clear name for it (ex: "CI Chain"). The name has no impact; it is only meant for you to remember where / how you plan to use it, that's very important in case you need to revoke it later.

Your token will only be shown once; be sure to save it in a secure place, for instance a password management tool.

We recommend using a different token for every tool or service you plan to use: this lessens the impact if you need to revoke it at some point.

Using your Tokens

Using your token consists in entering it when prompted.

In some cases, configuration can help you skip this prompt to make your flow faster:

Tokens are only used for command-line tools and APIs. You still need to use your password as usual when you log in to Nuxeo Online Services in your browser, for instance when accessing Nuxeo Studio.

Revoking a Token

Tokens have no expiration date or policy. If you ever forget your token, think it may have been compromised or simply wish to change them regularly for increased security:

  1. Login to Nuxeo Online Services,
  2. Visit the My Tokens tab,
  3. Revoke the appropriate token(s),
  4. Generate new token(s) and update any impacted configuration.

We'd love to hear your thoughts!

All fields required