# Token Management ## Managing OnePub tokens & how they interact with `dart pub` In order for the Dart CLI tooling to interact with OnePub, you need to provide it with a OnePub token so the Dart tooling can authenticate itself to OnePub. The following guide discusses the multiple ways you can provide Dart with a OnePub token but the easiest way is to simply run: `onepub login` The Dart CLI tools can now publish and get packages to/from OnePub. This guide explains OnePub 'Tokens', how to generate/export them, and exactly how they’re consumed by the Dart toolchain (`dart pub`) in local dev, CI, and containers. *** ### 1) OnePub tokens There is **only one type of token** in OnePub: the **member token**. * Each token belongs to a specific **member**. * It lasts **30 days**, but: * Every time the token is successfully used, its life is automatically **extended** for another 30 days. * Tokens grant the same level of package access that the member has. This single‑token model keeps things simple: whether you're developing locally, publishing a package, or running CI, you always use the same member token. The Team and Enterprise editions allow you to create a specialised CI/CD member that can be used in your CI/CD pipeline. *** ### 2) Obtaining a Token You can obtain a OnePub Token via one of three methods. * Implicitly * Run 'onepub login' from any CLI environment. This command authenticates you with OnePub and then makes the token visible to the Dart CLI tooling. * Export a Token * After logging via the `onepub login` command you can run `onepub export` to [export you OnePub token](https://docs.onepub.dev/guides/cli-integration/export). * If you are a OnePub Administrator you can export any Member's token. If you are a Team Leader you can export any of your Team's tokens. The ability to export another Member's Token requires a Team or Enterprise license. * Copy Token from UI * You can copy a token from the Member page within the OnePub UI. (My OnePub | Members - 'Export Token'). * Importing * However you have obtained a token you can [import](https://docs.onepub.dev/guides/cli-integration/import) the Token into your CLI environment (or that of a container) using the `onepub import` command, setting an environment variable or by directly editing the pub-tokens.json file (see below). ### 3) Invalidating a Token If a OnePub token is compromised you can invalidate any Member's token from the OnePub UI. Navigate to \`My OnePub | Members', find the Member and click the 'Invalidate CLI Tokens... OnePub'. ### 4) Dart's interaction with OnePub tokens When Dart encounters a 'publish\_to' key or a 'hosted\_url' dependency in you pubspec.yaml it checks Dart's pub-tokens.json file for a matching url. Each url listed in Dart's pub-tokens.json file has an associated token (in our case the OnePub Token) which is then used by Dart to authenticate with the host. When you run the `onepub login` or `onepub import` commands, OnePub simply adds the OnePub Token to to Dart's pub-tokens.json file. * Manually add a OnePub Token - Not recommended If all else fails you can manually add a OnePub token to Dart's pub-tokens.json ```bash mkdir -p "$HOME/.config/dart/pub-tokens.json" cat > "$HOME/.config/dart/pub-tokens.json" <<'JSON' {"version":1,"hosted":[{"url":"https://onepub.dev/api/yzohnoflyg/","token":""} JSON ``` Replace \ with your actual token. *** ***