Can we create a user token through the API?

Hi there :wave:

While it is understandable that creating a token through the API may raise security concerns, would it be possible to create a token through the API?

To check the status of my local Jenkins instance running through Docker, I use the curl command with the generated token to post a job build.
I have checked, and the hashed version of the token is not visible through JCasc.
It is in a config.xml file somewhere.

However, if I'm unable to create a token through the API and cannot persist it through JCasc, are there any other alternatives I should consider?

Would the Jenkins cli work for that need?


You mean create it via the REST API or by e.g. calling a system groovy script?


The token is stored in the user's config.xml afaik.


Also look here:

Thanks Markus. :pray:
Yes indeed, I was wondering if I can get a token through the use of the REST API.

I had to adapt the commands found in the document you linked a little, as curl has evolved:

CRUMB=$(curl -k http://user:password@server/crumbIssuer/api/xml?xpath=concat\(//crumbRequestField,%22:%22,//crumb\) -c cookies.txt)

works well and creates a cookies.txt file, and a CRUMB variable.

# Netscape HTTP Cookie File
# This file was generated by libcurl! Edit at your own risk.

#HttpOnly_localhost     FALSE   /       FALSE   0       JSESSIONID.985e6e10     node01atelbjgy57rs18spc5gkpz3sk6.node0


What puzzles me is that the next command does not use that CRUMB environment variable:

curl -k 'http://user:password@server/user/admin/descriptorByName/' --data 'newTokenName=kb-token' -b cookies.txt

So I get:

<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/>
<title>Error 403 No valid crumb was included in the request</title>
<body><h2>HTTP ERROR 403 No valid crumb was included in the request</h2>
<tr><th>MESSAGE:</th><td>No valid crumb was included in the request</td></tr>
<hr/><a href="">Powered by Jetty:// 10.0.15</a><hr/>


So I tried curl -k 'http://user:password@server/user/admin/descriptorByName/' --data 'newTokenName=kb-token' -b cookies.txt -H $CRUMB
and got a satisfying answer:

Thanks! :partying_face:
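
The crumb-then-POST sequence worked out in the post above, as an added example that is not part of the thread: the crumb is validated before it is used as a header, and the password is fed to curl on stdin instead of sitting in the URL. The function names and the JENKINS_URL, JENKINS_USER and JENKINS_PASSWORD variables are assumptions, and the full generateNewToken path is the standard Jenkins endpoint, which the thread shows only in shortened form.

```shell
# Added example, not from the thread. Assumes the caller exports JENKINS_URL,
# JENKINS_USER and JENKINS_PASSWORD (hypothetical names).

# Accept only a single "Field:value" pair as returned by the crumb issuer.
# An HTML error page, an empty reply, or a value carrying CR/LF or spaces is
# rejected, so nothing unexpected ends up in the -H argument.
crumb_header() {
  case $1 in
    ''|*[!A-Za-z0-9._:-]*) return 1 ;;   # empty, markup, whitespace, CR/LF
    *:*:*|:*|*:) return 1 ;;             # must be exactly one name:value
    *:*) printf '%s\n' "$1" ;;
    *) return 1 ;;
  esac
}

# curl wrapper: credentials go through a config read from stdin, so they do
# not appear in the process list, shell history or the URL. TLS verification
# is left on (no -k). Assumes the password contains no '"' or '\'.
jcurl() {
  printf 'user = "%s:%s"\n' "$JENKINS_USER" "$JENKINS_PASSWORD" |
    curl --silent --show-error --fail --config - "$@"
}

# Fetch a crumb, keep the session cookie it is bound to, then POST with both.
# Prints the JSON reply; the new token value is shown only once, in that reply.
generate_token() {
  jar=$(mktemp) || return 1              # mode 0600, holds the JSESSIONID cookie
  raw=$(jcurl -c "$jar" \
    "$JENKINS_URL/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,%22:%22,//crumb)") &&
    header=$(crumb_header "$raw") &&
    jcurl -b "$jar" -H "$header" --data-urlencode "newTokenName=$1" \
      "$JENKINS_URL/user/$JENKINS_USER/descriptorByName/jenkins.security.ApiTokenProperty/generateNewToken"
  rc=$?
  rm -f "$jar"                           # do not leave the session cookie on disk
  return "$rc"
}

# Usage (needs a reachable Jenkins): generate_token kb-token
```

The crumb is tied to the session that requested it, which is why the cookie jar written by the first request has to be sent back with the second.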