Best way to programmatically retrieve All App Tokens in 2.3.1

Looking for some advice - since we upgraded to 2.3.1 we aren’t able to pull back app tokens programmatically via the PSU API. We used to be able to do this by programmatically logging into the PSU service and hitting the API to pull back App Tokens. We can’t do this since upgrading to 2.3.1. I thought it was a permissions issue but the account I’m logging in with is a static (not policy driven) Admin.

Just a guess, but it appears that now that app tokens are assigned to an identity we have to log in with the identity that created them to retrieve the app token. Is there a way to pull back all App Tokens regardless of the logged in user?

Some screenshots:

Account I’m using to login to API:

Thanks!

Product: PowerShell Universal
Version: 2.3.1

This was changed some time ago at the request of another customer but I think it was the wrong move. The idea was that app tokens should be personal and only ones generated by the user should be visible to that user.

The problem is that we then changed it to allow for setting the identity of the app token while creating them, which defeats the purpose of making the app tokens specific to the user.

I think at the moment, you won’t be able to retrieve all tokens but I’ll get this switched back to the original way of doing things where you can retrieve all tokens.

Not to go too far down the architectural rabbit hole, but would making all app tokens accessible to an admin account make sense? Understandable there’s some database logic which has to be considered too.

At the moment only administrator accounts have access to app tokens.

We should probably make it so that administrators can view all tokens. Non-administrators can grant tokens but only to themselves and they can only view their own tokens.


I like that solution, Adam. I was confused why I couldn’t see tokens, but they were still working. This makes sense, but I agree that an Admin should be able to see all tokens issued and manage them all.