+ Enabling this functionality allows Jenkins API token based access even if the associated user has
+ completly logged out from Jenkins and the OIC Provider.
+
+ The default behavior is to require any Jenkins API token based access to have an valid OIC session user
+ session associated with it. This means that the user associated with the Jenkins API token
+ be logged in via the UI in order to use an API token for Jenkins CLI access.
+
\ No newline at end of file
diff --git a/src/test/java/org/jenkinsci/plugins/oic/PluginTest.java b/src/test/java/org/jenkinsci/plugins/oic/PluginTest.java
index 85af5782..244c6526 100644
--- a/src/test/java/org/jenkinsci/plugins/oic/PluginTest.java
+++ b/src/test/java/org/jenkinsci/plugins/oic/PluginTest.java
@@ -21,6 +21,7 @@
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
+import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
@@ -38,6 +39,7 @@
import java.util.regex.Pattern;
import javax.servlet.http.HttpSession;
import jenkins.model.Jenkins;
+import jenkins.security.ApiTokenProperty;
import jenkins.security.LastGrantedAuthoritiesProperty;
import org.hamcrest.MatcherAssert;
import org.htmlunit.html.HtmlPage;
@@ -67,6 +69,7 @@
import static com.github.tomakehurst.wiremock.client.WireMock.verify;
import static com.google.gson.JsonParser.parseString;
import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.empty;
import static org.hamcrest.Matchers.is;
import static org.jenkinsci.plugins.oic.TestRealm.AUTO_CONFIG_FIELD;
@@ -367,6 +370,37 @@ private HttpResponse