How to get an Identity Token in 3 steps:

PLATFORM: API Key deprecation and the new Reference Tokens

AuthorFullName__c
David Livshin
articleNumber
000005407
ft:sourceType
Salesforce
FirstPublishedDate
2022-09-15T08:12:30Z
lastModifiedDate
2023-03-29
VersionNumber
8

Much like the old API keys, you can create an Identity token by going to the User Profile page:

User-added image

1] Go to the Edit Profile menu in the top right corner of the Web UI
2] Select the "Generate an Identity Token" button
3] You now have a one-time chance to copy the token text

You can use this token to access the application in place of a password, just like an API key:
 

curl -u froggy:cm[...] http://localhost:8081/artifactory/api/system/ping


You may also use this token to generate Access Tokens. The Identity Token is key here, you have to use the Identity Token in an "Authorization: Bearer" header for security reasons:
 

curl -H "Authorization: Bearer cm[...]" -d "scope=applied-permissions/user" -XPOST -v http://localhost:8081/access/api/v1/tokens

{
  "token_id" : "bbf4fc27-be5f-40d2-9b19-9181ea21900b",
  "access_token" : "ey[...]",
  "expires_in" : 31536000,
  "scope" : "applied-permissions/user",
  "token_type" : "Bearer"
}

Artifactory Administrators may generate tokens for other users, or create transient users, but they too are limited to using Identity or Admin Tokens to do so:

curl -H "Authorization: Bearer cm[... Admin ID Token ...]" -X POST -d "username=froggy-pipeline" -d "scope=applied-permissions/groups:readers" 
http://localhost:8082/access/api/v1/tokens

{
  "token_id" : "58f781d5-f59d-4f7c-972c-d78e4018c4ec",
  "access_token" : "eyJ[...]bA",
  "scope" : "applied-permissions/groups:readers",
  "token_type" : "Bearer"
}