Service Tokens Vs Device Tokens

All you need to know about Onboardbase service and device tokens. Control secret access in live environments

A Token is a piece of code that allows you access to a restricted resource on the internet. An example of this; can be when we use google authentication codes to gain access to a feature and carry out certain functions of that feature within that application. P2P apps, crypto apps, etc.

At Onboardbase, we have two types of tokens, and in this tutorial, I will show you their differences, uses, and best practices.

Service Tokens

Service Tokens are tokens that allow you to authenticate the Onboardbase CLI without using a web browser. The video below summarizes how you can create service tokens.

Device Tokens

Device Tokens are tokens created when you log in to the Onboardbase Cli via the web browser. Device tokens have a scoped authentication mechanism system which can be broken down into scoped authentication and global authentication.

To access the Onboardbase CLI, run the command onboardbase login on your terminal. you will see something like this below.

[email protected] ~ % onboardbase login
? Open the authorization page in your browser? (Use arrow keys)
āÆ Yes 

Scoped Authentication: enables you to authenticate your Onboardbase CLI from a folder or directory that has already been scoped.

Global Authentication: enables you to access projects on Onboardbase that have not been scoped.

Differences between service token and device token

Service TokensDevice tokens
Only admins can create service tokens.Anyone can create device tokens.
Service tokens do not require you to access a web browserDevice tokens require you to access a web browser.
Using a service token for the CLI is faster because you do not have to open a browser, input your login email, wait for the email, etc., which are all required steps for device tokens.Using a device token for the CLI is slower because you have to open a browser, input your login email, and wait for the email.

Use case of a Service Tokens

An automated process that does not need to access the browser, e.g., configuring NPM to your GitHub action pipeline. Think of service tokens as API keys that exist in your server that are used to access the resources of a provider.

In a nutshell, In an environment where you do not have access to a browser and want to use the CLI, a service token will be used, for example, automating fetching secrets in a pipeline.

Use cases of Device Tokens

Non-Automated processes will always require a browser to authenticate.