Try JFrog
Guides
Contact SupportTry JFrog
Start typing to search…
  1. Configurations
  2. Communication Between Services
  3. Manage Keys

Pairing Tokens

Available from Artifactory version 7.29.7, a pairing token establishes trust between different JFrog microservices.

Available from Artifactory version 7.29.7, a pairing token establishes trust between different JFrog microservices. The pairing token is an access token that is used for the initial pairing flow. Because the token is a limited access token, it is dedicated to a specific task and short-lived. Once trust is established, the services can continue using the standard token-based authentication for communication.

📘

Note

Pairing tokens replace the join key that was used in the past in the JFrog Platform to link between services. This type of token is only designed to link cross-topologies (i.e., locally, and not within a JPD).

Pairing tokens enable you to connect between your JFrog Platform Deployment (JPD) / edge node and a remote JFrog Mission Control service. Pairing tokens provide pairing for a specific purpose use case. They are revocable, and are expected to be used at most once (i.e., revoked after first pairing). The default expiry setting for these tokens is 5 minutes.

  • The subject of the token is the same as the subject of the principal who requested the pairing token/
  • The base URL in the extension is mandatory
  • The exchange URL in the extension is mandatory (since the token is signed, this URL can be assumed as trusted)
  • The pairing URL is optional and is used when you need to establish a two-way trust

Master Token

The result of a pairing is the master token, which is an access token that grants the requesting service all the actions it requires on the issuing service, for the given use case. The master token is usually a strong access token that can be used for several operations and is usually a long-lived token. An admin user can revoke trust by revoking this token.

Set up Pairing Tokens

  1. In the Administration tab, go to Identity and Access | Access Tokens | Pairing Token.

  2. In the Generate Pairing Token for field, select Mission Control (for JPDs).

  3. Click Generate to generate the token.

    This displays the token window, which includes the token's expiration (in seconds, set by default to 300 seconds = 5 minutes), the token ID, and the actual token, which you can copy by clicking Copy.

Updated 5 days ago