RT 5.0.6 Documentation




RT::Authen::Token - token-based authentication


Allows users to generate and log in with authentication tokens. Users with the ManageAuthTokens permission will see a new "Auth Tokens" menu item under "Logged in as ____" -> Settings. On that page they will be able to generate new tokens and modify or revoke existing tokens.

Once you have an authentication token, you may use it in place of a password to log into RT. (Additionally, REST2 allows for using auth tokens with the Authorization: token HTTP header.) One common use case is to use an authentication token as an application-specific password, so that you may revoke that application's access without disturbing other applications. You also need not change your password, since the application never received it.

If you have the AdminUsers permission, along with ManageAuthTokens, you may generate, modify, and revoke tokens for other users as well by visiting Admin -> Users -> Select -> (user) -> Auth Tokens.

Authentication tokens are stored securely (hashed and salted) in the database just like passwords, and so cannot be recovered after they are generated.

Expires Date

An optional Expires Date may be entered when creating an authentication token. If an authentication token has an Expires Date, it will stop working after that date.

Run the rt-email-expiring-auth-tokens script to email users that have expiring auth tokens.

Update your Apache configuration

If you are running RT under Apache, add the following directive to your RT Apache configuration to allow RT to access the Authorization header.

    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
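
The `Authorization: token` header described above, as an added example that is not part of the RT documentation: a small Python client that sends an auth token to REST2 and interprets an HTTP 401 as a token that was revoked, has expired, or never reached RT because the web server did not pass the header through. The host `rt.example.com`, the `RT_AUTH_TOKEN` environment variable, and the helper names are assumptions.

```python
import json
import os
import urllib.error
import urllib.request
from urllib.parse import urlsplit

REST2_PREFIX = "/REST/2.0"  # REST2 mount point under the RT base URL


class TokenRejected(Exception):
    """HTTP 401 from RT: the token did not authenticate the request."""


def build_request(base_url, path, token):
    """Build a REST2 request that authenticates with an RT auth token."""
    parts = urlsplit(base_url)
    # The token works in place of a password, so never send it in cleartext.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("base_url must be an https:// URL")
    # Refuse whitespace and control characters so a malformed token cannot
    # break out of the header value.
    if not token or any(c.isspace() or ord(c) < 0x20 or ord(c) == 0x7F for c in token):
        raise ValueError("token is empty or contains whitespace/control characters")
    url = base_url.rstrip("/") + REST2_PREFIX + "/" + path.lstrip("/")
    headers = {"Authorization": "token " + token, "Accept": "application/json"}
    return urllib.request.Request(url, headers=headers)


def fetch(base_url, path, token, timeout=10):
    """GET a REST2 resource and return the decoded JSON body."""
    req = build_request(base_url, path, token)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 401:
            # Likely causes: token revoked, past its Expires Date, or the
            # Authorization header never reached RT (see the Apache directive).
            raise TokenRejected("RT rejected the auth token") from None
        raise


if __name__ == "__main__":
    # Assumed setup: token exported as RT_AUTH_TOKEN, never hard-coded or logged.
    print(fetch("https://rt.example.com", "queues/all", os.environ["RT_AUTH_TOKEN"]))
```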