Support Token Authentication Valve
The purpose of this module is to create a temporary token for a user that will be used by a Support Team to login. This way, it's not needed to disclose the real password (when it's known).
Captures d'écran
Comment installer
- In Jahia, go to "Administration --> Server settings --> System components --> Modules"
- Upload the JAR support-token-authentication-valve-X.X.X.jar
- Check that the module is started
- Make sure the Mail server is configured and activated in the administration
FAQ
Admin UI
Navigate to Administration → Users and Roles → Support Token Authentication (server level) or the equivalent entry under site settings.
- Enter a username (and optionally a site key for site-scoped users) and click Search.
- Existing tokens are listed with their creation date, recipient, description, and expiration.
- Fill in Recipient email, optional Description, and Expiration (minutes), then click Create Token.
- The generated token is shown once in a copy box — copy it before navigating away.
- Use Clear All Tokens to remove all tokens for the user.
Karaf Shell
support-token:create
Creates a token for a user.
| Option | Alias | Required | Default | Description |
|---|---|---|---|---|
-u |
--username |
✓ | — | Username |
-r |
--recipient |
✓ | — | Recipient email address |
-s |
--site-key |
null |
Site key (global users if omitted) | |
-d |
--description |
Access for Jahia Support |
Purpose of the token | |
-e |
--expiration |
60 |
Expiration in minutes |
support-token:create -u root -r support@jahia.com -e 120 -d "Bug JAHIA-1234"
support-token:list
Lists all tokens for a user (metadata only — the raw token is never stored or shown).
support-token:list -u root
support-token:clear
Removes all tokens for a user.
support-token:clear -u root
GraphQL API
All operations require admin permission.
Query — list tokens
query {
supportTokenListTokens(username: "root") {
createdDate
recipient
expiration
description
}
}
Returns null if the user does not exist, or an empty array if the user has no tokens.
Mutation — create token
mutation {
supportTokenCreate(
username: "root"
recipient: "support@jahia.com"
description: "Bug JAHIA-1234"
expiration: 120
)
}
Returns the raw token string on success, or null on failure. Store it immediately — it cannot be retrieved again.
Mutation — clear all tokens
mutation {
supportTokenClearAll(username: "root")
}
Returns true on success.
Authentication
Once a token is created, use it to log in via the standard Jahia login form or HTTP POST:
POST /cms/login
username=<user>&password=<token>&site=<siteKey>&doLogin=true
The token is valid for expiration minutes from its creation time.
Development
Build
mvn clean install
The frontend-maven-plugin installs Node/Yarn and builds the React bundle automatically.
For frontend-only development:
yarn install yarn build # development build yarn build:production yarn lint
Tests
Tests run inside Docker. From the tests/ directory:
cp .env.example .env # Edit .env: set JAHIA_IMAGE, JAHIA_LICENSE, SUPER_USER_PASSWORD docker compose up --abort-on-container-exit
Cypress results are written to tests/results/.
Security Notes
- Raw tokens are never persisted. Only their bcrypt hash is stored in JCR.
- Expired tokens are kept in JCR as audit records but rejected at login. Use Clear All Tokens to purge them.
- The token management UI is inaccessible to sessions that are themselves authenticated with a support token (blocked at the auth valve level via the session attribute).
MIT License
Copyright (c) 2019 - present Florent Bourassé
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.