You can manage Access tokens through REST APIs or through the JFrog Platform UI - in the administration module, go to User Management | Access Tokens.
You need to have admin privileges to create admin tokens. You can also create access tokens specific to your project if you are a project admin.
JFrog Access provides JFrog Products with access tokens as a flexible means of authentication with a wide range of capabilities.
Cross-instance authentication
Access tokens can be used for authentication, not only by the instance or cluster where they were created but also for other instances and clusters that are all part of the same circle of trust.
User and non-user authentication
The case for authenticating users is clear, however, access tokens can also be assigned to non-user entities such as CI server jobs.
Time-based access control
Access tokens have an expiry period so you can control the period of time for which you grant access. However, you may also delegate that control to the receiving user by making them refreshable
Flexible scope
By assigning Groups to tokens, you can control the level of access they provide.
Pairing tokens
Manage connections between different JFrog microservices.
An access token has the following properties.
Property | Description |
---|---|
Subject | The user to which this access token is associated. If the user specified does not exist, the system will create a corresponding transient user. Administrators can assign a token to any subject (user); non-admin users who create tokens can only assign tokens to themselves. When creating the access token, the subject parameter should be the same as the username. When deleting tokens, tokens of different users with the same subject name will be deleted by design. |
Scope | The supported scopes include: Since 7.21.1, access tokens are scoped tokens. Access to the REST API is always provided by default; in addition, you may specify the group memberships that the token provides. Administrators can set any scope, while non-admin users can only create Identity Tokens (user scope). The supported scopes include:
NoteThe scope to assign to the token should be provided as a space-separated list of scope tokens, limited to 500 characters. From Artifactory 7.84.3, project admins can create access tokens that are tied to the projects in which they hold administrative privileges. |
Audience | The set of instances or clusters on which the token may be used identified by their Service IDs. The Service ID is a unique, internally generated identifier of a JFrog service or cluster and, in the case of Artifactory, is obtained through Get Service ID REST API endpoint. |
Issuer | An identifier of the cluster on which the access token was created |
Expiry | The date and time when the token will expire. |
Issued At | The date and time when the token was created. |
ID | The token ID |