User Tokens

User token-based authentication can be activated by an administrator or user with the nx-usertoken-settings privilege. Navigate to Administration → Security → User Token.

Check the Enable user tokens box.

Select Save to activate the feature.

Additionally, you can check the Require user tokens for repository authentication box to allow the repository manager to require a user token for any access to the repository and group content URLs. This affects read and write access for deployments from a build execution or a manual upload, but the user interface will not change. Non-content operations, such as logging into Docker with plain-text credentials, are still accessible, although subsequent requests for images after logging in will fail.

You can also reset the token of an individual user by selecting the User Token tab in the Users administration from the Security menu. The password requested for the action to proceed is the password for the authenticated administrator who resets the token. A non-administrator also needs the nx-usertoken-users privilege to do this.

When you activate user tokens, the feature automatically adds the User Token Realm to the Active Realms list. To see the results, go to Realms located under Security in the Administration menu. If desired, you can re-order the security realms used, although the default settings with the User Token Realm as the first realm is probably the desired setup. This realm is not removed when the user tokens are disabled; however, it will cleanly pass through to the next realm. The realm will remain in the active bin in your Realms in case the feature is reactivated at a later stage.

User tokens are generated the first time they are accessed. A user needs the nx-usertoken-current privilege to access their user tokens.

Using the User Token

When you select the Access user token button and go through the process of generating the user token, a dialog like the one below displays your user token:

Note that the dialog will close automatically after one minute.

User Token Name and Pass Codes

Your user token name and pass codes display in separate fields. You can use these as replacements for username and password in the login dialog; you can also still use your original username and password to log into the user interface.

Server Section for Maven settings.xml

We also provide information for the server section of your Maven settings.xml. Note that you will need to replace ${server} with the repository id that references your Sonatype Nexus Repository instance against which you want to authenticate with your user token.

base64 Representation

Another field provides a base64 representation of "user:password."

Note

Note for npm: The npm client login has a limitation of [a-z0-9] characters for the username while Sonatype Nexus Repository user tokens can include any characters that are available with base64 encoding. This will result in an error if you attempt to authenticate with npm using your user token name. To get around this, place the base64 representation of "user:password" directly in your .npmrc file.

Use User Token for Repository Authentication

In order to utilize your user tokens for repository authentication you must access Sonatype Nexus Repository with the user token from the command line. For example, you would access with your username and password using a comand like the following:

curl -v --user {username}:{password} http://localhost:2468/repository/bower-all/

You can replace those credentials with the user and pass code separated by a colon in the curl command line like this:

curl -v --user {token name code}:{token pass code} http://localhost:2468/repository/bower-all/