Token Management

Managing OnePub tokens & how they interact with dart pub

In order for the Dart CLI tooling to interact with OnePub, you need to provide it with a OnePub token so the Dart tooling can authenticate itself to OnePub.

This guide discusses the several ways you can provide Dart with a OnePub token, but the easiest way is to simply run:

onepub login

The Dart CLI tools can now publish and get packages to/from OnePub.

This guide explains OnePub 'Tokens', how to generate/export them, and exactly how they’re consumed by the Dart toolchain (dart pub) in local dev, CI, and containers.


1) OnePub tokens

There is only one type of token in OnePub: the member token.

  • Each token belongs to a specific member.

  • It lasts 30 days, but:

    • Every time the token is successfully used, its life is automatically extended for another 30 days.

  • Tokens grant the same level of package access that the member has.

This single‑token model keeps things simple: whether you're developing locally, publishing a package, or running CI, you always use the same member token.

The Team and Enterprise editions allow you to create a specialised CI/CD member that can be used in your CI/CD pipeline.


2) Obtaining a Token

You can obtain a OnePub Token via one of three methods.

  • Implicitly

    • Run 'onepub login' from any CLI environment. This command authenticates you with OnePub and then makes the token visible to the Dart CLI tooling.

  • Export a Token

    • After logging in via the onepub login command, you can run onepub export to export your OnePub token.

    • If you are a OnePub Administrator you can export any Member's token. If you are a Team Leader you can export any of your Team's tokens. The ability to export another Member's Token requires a Team or Enterprise license.

  • Copy Token from UI

    • You can copy a token from the Member page within the OnePub UI. (My OnePub | Members - 'Export Token').

  • Importing

    • However you obtained a token, you can import it into your CLI environment (or that of a container) using the onepub import command, by setting an environment variable, or by directly editing the pub-tokens.json file (see below).

3) Invalidating a Token

If a OnePub token is compromised, you can invalidate any Member's token from the OnePub UI. Navigate to 'My OnePub | Members', find the Member and click the 'Invalidate CLI Tokens... OnePub'.

4) Dart's interaction with OnePub tokens

When Dart encounters a 'publish_to' key or a 'hosted_url' dependency in your pubspec.yaml, it checks Dart's pub-tokens.json file for a matching URL. Each URL listed in Dart's pub-tokens.json file has an associated token (in our case the OnePub Token), which Dart then uses to authenticate with the host. When you run the onepub login or onepub import commands, OnePub simply adds the OnePub Token to Dart's pub-tokens.json file.

  • Manually add a OnePub Token - Not recommended

    If all else fails, you can manually add a OnePub token to Dart's pub-tokens.json:

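# Create the directory that holds pub-tokens.json (not the file itself)
mkdir -p "$HOME/.config/dart"
# Write the token file; the quoted 'JSON' delimiter prevents shell expansion
cat > "$HOME/.config/dart/pub-tokens.json" <<'JSON'
{"version":1,"hosted":[{"url":"https://onepub.dev/api/yzohnoflyg/","token":"<ONEPUB_TOKEN>"}]}
JSON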

Replace <ONEPUB_TOKEN> with your actual token.
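Because a hand-edited pub-tokens.json holds a live credential, it is worth checking after you write it. The following is an added example, not part of OnePub or the Dart tooling: a small Python audit that assumes the file layout shown above and reports loose file permissions, malformed JSON, non-https URLs and an unreplaced placeholder, without ever printing a token. The function names and the sample files are constructed for illustration.

```python
import json
import os
import stat
import tempfile

def audit_pub_tokens(path):
    """Return a list of findings for a pub-tokens.json file; tokens are never echoed."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit set
        findings.append(f"file mode {mode:03o} lets group/other access the token; use 600")
    try:
        with open(path, encoding="utf-8") as fh:
            doc = json.load(fh)
    except json.JSONDecodeError as exc:
        findings.append(f"not valid JSON: {exc.msg}")
        return findings
    hosted = doc.get("hosted") if isinstance(doc, dict) else None
    if not isinstance(hosted, list):
        findings.append("missing 'hosted' list")
        return findings
    for entry in hosted:
        url = entry.get("url", "") if isinstance(entry, dict) else ""
        token = entry.get("token", "") if isinstance(entry, dict) else ""
        if not url.startswith("https://"):
            findings.append(f"{url or '<no url>'}: URL is not https")
        if token == "<ONEPUB_TOKEN>":
            findings.append(f"{url}: placeholder token was never replaced")
    return findings

def demo():
    """Run the audit on three constructed files in a temporary directory."""
    good = '{"version":1,"hosted":[{"url":"https://onepub.dev/api/yzohnoflyg/","token":"constructed-token"}]}'
    cases = {
        "ok": (good, 0o600),
        "loose": (good.replace("constructed-token", "<ONEPUB_TOKEN>"), 0o644),
        "truncated": (good[:-2], 0o600),  # closing "]}" missing
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (body, mode) in cases.items():
            path = os.path.join(tmp, f"{name}.json")
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
            os.chmod(path, mode)
            results[name] = audit_pub_tokens(path)
    return results

if __name__ == "__main__":
    for name, found in demo().items():
        print(name, found or "no findings")
```

To check a real file, call audit_pub_tokens with the path to your own pub-tokens.json; an empty list means none of these checks fired.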


