Authentication using application tokens

In release 2024.2, ltokens have been replaced by application tokens for signing in to command line tools. If you relied on ltokens for scripting before release 2024.2, see Transitioning from ltokens to application tokens.
Application tokens cannot be used to authenticate with the Web API. Use kwauth to authenticate to your Validate server, then use kwauth --print-auth-info to obtain the ltoken.

You can use an application token to sign in to the command line tools, using the kwauth or validate auth command. This allows you to securely authenticate on a headless machine, where you cannot sign in with a username and password through a browser.

You create application tokens in the Validate portal. Each token is assigned to a specific user.

Any user can receive and use an application token. To manage application tokens, a user must be assigned an appropriate role and one of the following permissions:

  • Manage application tokens for all users. With this permission, users can create, delete, or modify application tokens for all users.

  • Manage application tokens for self. With this permission, users can create, delete, or modify only their own application tokens.

For security reasons, when you create an application token, it will be shown only once. The token disappears after three minutes or if you refresh the page. A lost token cannot be retrieved. If you lose a token, you can delete the lost token and create a new token to replace it. To avoid this inconvenience, store the token in a secure password manager for future use.

Create an application token

  1. In the Validate portal, from the top toolbar, click + Create application token.

  2. Complete the following fields:

    • Application token name: Type a specific token name that describes where the token will be used. For example, type "Build machine 1".

    • Owner: Type the username of the user you are creating the token for.

    • Expires at: Select an expiry date.

      A token without an expiry date will be less secure.
  3. Click Create.

    For enhanced security, the token is shown for only three minutes before it disappears and cannot be retrieved. Copy the token value before you proceed or refresh the page.
  4. Store the token in a secure password manager for future use.

Sign in to the command line tools using an application token

  1. Open a command prompt.

  2. Type the command kwauth --use-application-token and press Enter.

  3. Copy the token from the secure password manager.

  4. Paste the token into the command prompt and press Enter. The system signs you in.

Import or migrate projects using application tokens

If you are using modern authentication (available from release 2024.2 onwards), you use application tokens to import or migrate projects from a source to a target instance. You will no longer be using a user name and password to authenticate the import or migration.

To import or migrate project with modern authentication:

  1. Sign in to your source instance and create an application token.

  2. Copy and store the token.

  3. Sign in to the target instance.

  4. In Projects, select Import.

  5. Specify the source URL, and paste the generated application token.

For more information, see Import your projects and server settings.