The Mytoken Service

Mytoken is a service to obtain OpenID Connect Access Tokens in an easy but secure way for extended periods of time and across multiple devices.

To do so, users can create mytokens with exactly the properties they need for the job. These mytokens can easily be used (from multiple devices) to obtain OIDC access tokens. Mytokens and access tokens can be obtained from this web interface or the command line. For more details please refer to the full documentation.

Mytoken Web

On this web interface you can:

After sign in you additionally can:

  • Obtain access tokens
  • List your mytokens and revoke them
  • Change settings

Profile

Prefill values from a predefined profile.

OpenID Provider

OpenID Provider for which this mytoken can obtain access tokens.

Token Name

Give the Mytoken a name, so you can identify it better.

Token Type

Adapt the mytoken type so that the returned mytoken is not longer than this value.

Rotation

If the mytoken is used to request an Access Token, a new mytoken will be returned.
If the mytoken is used for other requests than requesting an Access Token, a new mytoken will be returned.
The lifetime of a single Mytoken given in seconds. (Infinite lifetime if set to 0)
If the mytoken server detects a misuse, the mytoken will be automatically revoked.

Capabilities

  • AT
    Allows obtaining OpenID Connect Access Tokens.
  • tokeninfo
    Allows to obtain all information about this token.
    • tokeninfo:introspect
      Allows to obtain basic information about this token.
    • tokeninfo:history
      Allows to obtain the event history for this token and all subtokens.
    • tokeninfo:subtokens
      Allows to list a subtoken-tree for this token.
  • manage_mytokens
    Allows to manage (obtain metadata and revoke) all mytoken.
    • manage_mytokens:list
      Allows to list metadata about all mytokens.
    • manage_mytokens:revoke
      Allows to revoke any mytoken.
    • manage_mytokens:history
      Allows to obtain the event history for any token.
  • create_mytoken
    Allows to create a new mytoken.
    A created mytoken can have the following capabilities:
  • settings
    Allows read/write access to user settings. Allows read access to user settings.
    • settings:grants
      Allows read/write access to user grants. Allows read access to user grants.
      • settings:grants:ssh
        Allows read/write access to the ssh grant. Allows read access to the ssh grant.

Restrictions

Restriction Clause
If set, the mytoken cannot be used before this time.
If set, the mytoken cannot be used after this time.
If set, Access Tokens obtained with this mytoken can only have these scope values.
If set, Access Tokens obtained with this mytoken can only be used at these audiences.
If set, the mytoken can only be used from these Hosts given by hostname, IP address or subnets.
If set, the mytoken can only be used from these countries.
If set, the mytoken cannot be used from these countries.
If set, the mytoken can only be used this often to request access tokens.
If set, the mytoken can only be used this often for requests other than requesting access tokens.
Write restrictions as JSON
Create new Mytoken

To obtain your Mytoken you have to allow the creation and authenticate at the following link:

Configure another Mytoken

Short Token JWT JWT

Do not lose access to your mytoken!

To keep access to your mytoken you must copy it to a safe location, as you will not be able to retrieve it again from this website.

Information About a Mytoken

Capabilities

  • AT
    Allows obtaining OpenID Connect Access Tokens.
  • tokeninfo
    Allows to obtain all information about this token.
    • tokeninfo:introspect
      Allows to obtain basic information about this token.
    • tokeninfo:history
      Allows to obtain the event history for this token and all subtokens.
    • tokeninfo:subtokens
      Allows to list a subtoken-tree for this token.
  • manage_mytokens
    Allows to manage (obtain metadata and revoke) all mytoken.
    • manage_mytokens:list
      Allows to list metadata about all mytokens.
    • manage_mytokens:revoke
      Allows to revoke any mytoken.
    • manage_mytokens:history
      Allows to obtain the event history for any token.
  • create_mytoken
    Allows to create a new mytoken.
    A created mytoken can have the following capabilities:
  • settings
    Allows read/write access to user settings. Allows read access to user settings.
    • settings:grants
      Allows read/write access to user grants. Allows read access to user grants.
      • settings:grants:ssh
        Allows read/write access to the ssh grant. Allows read access to the ssh grant.

Token Introspection


                                    

Restrictions

Restriction Clause
If set, the mytoken cannot be used before this time.
If set, the mytoken cannot be used after this time.
If set, Access Tokens obtained with this mytoken can only have these scope values.
If set, Access Tokens obtained with this mytoken can only be used at these audiences.
If set, the mytoken can only be used from these Hosts given by hostname, IP address or subnets.
If set, the mytoken can only be used from these countries.
If set, the mytoken cannot be used from these countries.
If set, the mytoken can only be used this often to request access tokens.
If set, the mytoken can only be used this often for requests other than requesting access tokens.
Read restrictions as JSON

Rotation

If the mytoken is used to request an Access Token, a new mytoken will be returned.
If the mytoken is used for other requests than requesting an Access Token, a new mytoken will be returned.
The lifetime of a single Mytoken given in seconds. (Infinite lifetime if set to 0)
If the mytoken server detects a misuse, the mytoken will be automatically revoked.

Event History for this Mytoken

Subtokens for this Mytoken

Exchange Transfercode

On this page you can exchange a previously created transfer code into a mytoken.