Token Management

As a commitment to an always improved security, Nuxeo Online Services delegates authentication to Okta. This allows us to secure it in an advanced way, and provide additional security options.

The counterpart is that whenever using commands in our clients and APIs that require authentication, your password can't be used. Nuxeo Online Services needs an alternative way for you to authenticate: that's when you should use a token.

What is a Token

A token is a randomly generated string that can be used as a replacement for your password when authenticating to our services. It is meant to be used as a replacement for your password in all places where you would need to write down your password, but would rather avoid to disclose it: for instance in configuration files.

When to Use a Token

Tokens need to be used as a replacement for your password in Nuxeo Online Services APIs and our command line tools, whenever you need to authenticate. Some examples:

• In your continuous integration / continuous delivery chain, to have your software authenticate against our Maven private repository
• To trigger a Studio release through the REST API,
• When using our command line tools with options that require a password to be provided. For example, registering an instance using nuxeoctl, linking your Studio project to your Java development project in Nuxeo CLI
• When using Studio Designer Git Access for faster development
• When mirroring some private artifacts (like a Nuxeo Studio project) using Nexus

For more details on when to use the token, see the token usage section in this page.

Creating a Token

To generate a token:

1. Login to Nuxeo Online Services,
2. Visit the My Tokens tab,
3. Create your token using the corresponding button and provide a clear name for it (ex: "CI Chain"). The name has no impact; it is only meant for you to remember where / how you plan to use it, that's very important in case you need to revoke it later.
   ×
   

Your token will only be shown once; be sure to save it in a secure place, for instance a password management tool.

Using your Tokens

Using your token is exactly the same as using a password. Enter it when prompted, or store it in your configuration when using automated tools. Some examples can be found below:

Nuxeoctl

When using a command requiring a password, nuxeoctl prompts you for your token. Example:

./nuxeoctl register
Username: [enter your NOS username]
Please enter your token: [enter your token here instead of your password]

Nuxeo CLI

Nuxeo CLI prompts for your token when needed. Example:

[email protected]:~/my-java-project$ nuxeo studio

dxxxxxxxxxxc    oxxo       lxxx lkkl       ;kkk
dxxxxxxxxxxxd;  oxxo       lxxx lkkkx:.  ,dkkkx
dxxc       lxxo oxxo       lxxx  "okkkkokkkkd,
dxxc       lxxo oxxo       lxxx    .dkkkkkk.                  Welcome to
dxxc       lxxo oxxo       lxxx   ,dkkkkkkkk,                     Nuxeo CLI
dxxc       lxxo "oxxcccccccdxxx ,kkkkx" "okkkk,
loo;       :ooc   "cooooooooool xkko       ckko

:cc,       ;cc;                 oxxxxxxxxxxxxxo
dxxc       lxxo                 oxxxxxxxxxxxxxo
dxxc       lxxo                 oxxo           
dxxc       lxxo                 oxxxxxxxxxxxxxo
dxxc       lxxo                 oxxo           
"cxxoooooooxxxo                 oxxxxxxxxxxxxxo
   xoooooooxxxo                 oxxxxxxxxxxxxxo

lkkl       ;kkk oxxxxxxxxxxxxxo xooooooooooo,  
lkkkx:.  ,dkkkx oxxxxxxxxxxxxxo lxxxxxxxxxxxxb;
 "okkkkokkkkd,  oxxo            lxxd       :xxx
   .dkkkkkk.    oxxxxxxxxxxxxxo lxxd       :xxx
  ,dkkkkkkkk,   oxxo            cxxd       :xxx
,kkkkx" "okkkk, oxxxxxxxxxxxxxo  "oxxxxxxxxxxxx
xkko       ckko oxxxxxxxxxxxxxo    :xxxxxxxxxxx


     info You are going to link a Studio project to this project.
? NOS Username: [enter your NOS username]
? NOS Token: [input is hidden] [enter your token here instead of your password]

Maven

Your token needs to be stored in your .m2/settings.xml file, where you would usually put your password. Details can be found in our Maven configuration documentation.

Studio Designer Git Access

As a prerequisite, a Git client should be installed on your computer.

Once logged in to Nuxeo Online Services:

1. Generate a personal access token in the My Tokens tab if you don't have one yet. It will be requested as a password to clone the project.
2. Visit the My Applications tab
3. Copy the Git URL to clone your project
4. On your computer, clone your project using your Git client (typically git clone [project URL]). When prompted, use your Nuxeo Online Services username and your personal access token.

To avoid having to type your token's content repeatedly, we recommend storing it using Git's standard credentials mechanisms.

Check our Nuxeo Studio Designer Git access documentation for more details.

Nuxeo Online Services REST API

When triggering a Studio project release through the Nuxeo Online Services REST API, use your Nuxeo Online Services username replace your password with a token.

Nexus

In your Nexus configuration, use your Nuxeo Online Services username and replace your Nuxeo Online Services password with your token.

Other Tools

Any other tool behaves the same as above: use your Nuxeo Online Services username and replace your Nuxeo Online Services password with your token.

Revoking a Token

Tokens have no expiration date or policy. If you ever forget your token, think it may have been compromised or simply wish to change them regularly for increased security:

1. Login to Nuxeo Online Services,
2. Visit the My Tokens tab,
3. Revoke the appropriate token(s),
4. Generate new token(s) and update any impacted configuration.