Support Token Authentication Valve
Module Id
support-token-authentication-valve
Group Id
org.jahia.community
Updated
Requires Jahia
8.2.2.1
Author
Florent BOURASSE
Category
Tools and Utilities
Status
COMMUNITY

Support Token Authentication Valve

cloud support

This module creates a temporary token for a user, which a Support Team then uses to log in. This way, the real password does not need to be disclosed (when it's known).

Dependencies & Dependants

Dependants
  • NONE

FAQ

Admin UI

Navigate to Administration → Users and Roles → Support Token Authentication (server level) or the equivalent entry under site settings.

  1. Enter a username (and optionally a site key for site-scoped users) and click Search.
  2. Existing tokens are listed with their creation date, recipient, description, and expiration.
  3. Fill in Recipient email, optional Description, and Expiration (minutes), then click Create Token.
  4. The generated token is shown once in a copy box — copy it before navigating away.
  5. Use Clear All Tokens to remove all tokens for the user.

Karaf Shell

support-token:create

Creates a token for a user.

Option  Alias          Required  Default                   Description
-u      --username     yes                                 Username
-r      --recipient    yes                                 Recipient email address
-s      --site-key               null                      Site key (global users if omitted)
-d      --description            Access for Jahia Support  Purpose of the token
-e      --expiration             60                        Expiration in minutes

support-token:create -u root -r support@jahia.com -e 120 -d "Bug JAHIA-1234"

support-token:list

Lists all tokens for a user (metadata only — the raw token is never stored or shown).

support-token:list -u root

support-token:clear

Removes all tokens for a user.

support-token:clear -u root

GraphQL API

All operations require admin permission.

Query — list tokens

query {
    supportTokenListTokens(username: "root") {
        createdDate
        recipient
        expiration
        description
    }
}

Returns null if the user does not exist, or an empty array if the user has no tokens.

Mutation — create token

mutation {
    supportTokenCreate(
        username: "root"
        recipient: "support@jahia.com"
        description: "Bug JAHIA-1234"
        expiration: 120
    )
}

Returns the raw token string on success, or null on failure. Store it immediately — it cannot be retrieved again.

Mutation — clear all tokens

mutation {
    supportTokenClearAll(username: "root")
}

Returns true on success.

Authentication

Once a token is created, use it to log in via the standard Jahia login form or HTTP POST:

POST /cms/login
username=<user>&password=<token>&site=<siteKey>&doLogin=true

The token is valid for the number of minutes given as expiration, counted from its creation time.

Development

Build

mvn clean install

The frontend-maven-plugin installs Node/Yarn and builds the React bundle automatically.

For frontend-only development:

yarn install
yarn build          # development build
yarn build:production
yarn lint

Tests

Tests run inside Docker. From the tests/ directory:

cp .env.example .env
# Edit .env: set JAHIA_IMAGE, JAHIA_LICENSE, SUPER_USER_PASSWORD
docker compose up --abort-on-container-exit

Cypress results are written to tests/results/.

Security Notes

  • Raw tokens are never persisted. Only their bcrypt hash is stored in JCR.
  • Expired tokens are kept in JCR as audit records but rejected at login. Use Clear All Tokens to purge them.
  • The token management UI is inaccessible to sessions that are themselves authenticated with a support token (blocked at the auth valve level via the session attribute).
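
A minimal model of the three properties above, as an added example rather than the module's own code: only a salted hash is stored, expired records are kept but cannot authenticate, and a session opened with a support token cannot manage tokens. Assumptions: stdlib scrypt stands in for bcrypt, a dict stands in for JCR, and every function and field name is hypothetical.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

@dataclass
class TokenRecord:
    """What is persisted: metadata plus a salted hash, never the raw token."""
    salt: bytes
    digest: bytes
    recipient: str
    created: float        # epoch seconds
    expiration_min: int

def _hash(token, salt):
    # Assumption: stdlib scrypt stands in for the module's bcrypt.
    return hashlib.scrypt(token.encode(), salt=salt, n=2**14, r=8, p=1)

def create_token(store, user, recipient, expiration_min=60, now=None):
    raw = secrets.token_urlsafe(32)
    salt = secrets.token_bytes(16)
    created = time.time() if now is None else now
    store.setdefault(user, []).append(
        TokenRecord(salt, _hash(raw, salt), recipient, created, expiration_min))
    return raw  # returned once; only the hash stays in the store

def login(store, user, presented, now=None):
    """Return a session dict if `presented` matches a live token, else None."""
    now = time.time() if now is None else now
    for rec in store.get(user, []):
        if now >= rec.created + rec.expiration_min * 60:
            continue  # expired: record stays for audit but cannot authenticate
        # Salted hashes cannot be looked up by value; re-hash per record.
        if hmac.compare_digest(_hash(presented, rec.salt), rec.digest):
            return {"user": user, "support_token": True}
    return None

def can_manage_tokens(session):
    # Sessions opened with a support token must not mint or clear tokens.
    return session is not None and not session.get("support_token", False)
```

Because each stored hash is salted, login cost grows with the number of unexpired tokens a user holds, which is one more reason to clear tokens once a support case is closed.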

How To Install

  • In Jahia, go to "Administration --> Server settings --> System components --> Modules"
  • Upload the JAR support-token-authentication-valve-X.X.X.jar
  • Check that the module is started
  • Make sure the Mail server is configured and activated in the administration

License

MIT License

Copyright (c) 2019 - present Florent Bourassé

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.