diff --git a/app/controllers/admins_controller.rb b/app/controllers/admins_controller.rb
index 95c5ed18d08795f94947e2134bafe6b4b21db257..b5d18e3aae3a7e5c61ca73929e75bf3ec7b493ef 100644
--- a/app/controllers/admins_controller.rb
+++ b/app/controllers/admins_controller.rb
@@ -19,7 +19,7 @@ class AdminsController < ApplicationController
   def add_invites
     u = User.find(params[:user_id])
 
-    if u 
+    if u
       notice = "Great Job!"
       u.update_attributes(:invites => (u.invites += 10))
     else
@@ -29,12 +29,6 @@ class AdminsController < ApplicationController
     redirect_to :back, :notice => notice, :user => {:id => u.id}
   end
 
-  def generate_new_token
-    current_user.reset_authentication_token!
-    current_user.authentication_token
-    redirect_to user_search_path, :notice => "auth token reset" 
-  end
-  
   def admin_inviter
     opts = {:service => 'email', :identifier => params[:identifier]}
     existing_user = Invitation.find_existing_user('email', params[:identifier])
diff --git a/app/controllers/tokens_controller.rb b/app/controllers/tokens_controller.rb
new file mode 100644
index 0000000000000000000000000000000000000000..ca8a62f2f9a202dcd9effc6b1204d6585e491d44
--- /dev/null
+++ b/app/controllers/tokens_controller.rb
@@ -0,0 +1,12 @@
+class TokensController < ApplicationController
+  before_filter :redirect_unless_tokenable
+  def redirect_unless_tokenable
+    redirect_to root_url unless current_user.auth_tokenable?
+  end
+
+  def create
+    current_user.reset_authentication_token!
+    current_user.authentication_token
+    redirect_to token_path, :notice => "Authentication token reset."
+  end
+end
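Review bot: `redirect_unless_tokenable` dereferences `current_user` without checking that anyone is signed in, so unless ApplicationController (not shown in this diff) already forces authentication, an anonymous request to the token routes raises NoMethodError instead of being redirected; `redirect_to root_url unless current_user && current_user.auth_tokenable?` fails closed either way. The filter is also defined as a public controller method, and moving it below a `private` line keeps it from ever being treated as an action. In `create`, the bare `current_user.authentication_token` line discards its value and can be dropped. The new spec only covers signed-in users, so the anonymous case is untested.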
diff --git a/app/models/user.rb b/app/models/user.rb
index 9ff8afecb85b0702fa4a95734f34ab0ff10a6f60..1082eb558efe799ca3bec9749fe30dc5b5935024 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -326,6 +326,10 @@ class User < ActiveRecord::Base
     AppConfig[:admins].present? && AppConfig[:admins].include?(self.username)
   end
 
+  def auth_tokenable?
+    admin? || (AppConfig[:auth_tokenable].present? && AppConfig[:auth_tokenable].include?(self.username))
+  end
+
   protected
 
   def remove_person
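Review bot: `auth_tokenable?` compares `self.username` as stored against a list that `AppConfig.downcase_usernames` lowercases at load time, so a user whose stored username contains uppercase characters could never match even when listed. If usernames are not already normalised to lowercase on save (not visible here), use `AppConfig[:auth_tokenable].include?(self.username.downcase)`; the `admin?` check in the context line above has the same shape. A one-line comment such as `# Allowlist gate for who may generate auth tokens; admins always qualify.` would also help, since this predicate is the only authorization check in front of token generation in this commit. The enclosing class starts and ends outside the hunk.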
diff --git a/app/views/admins/user_search.html.haml b/app/views/admins/user_search.html.haml
index 0518ed53a7188ebb2e4b31310d2b4a1c13dd4f87..feb80da2c474943a52efb3c690f3db3385045f69 100644
--- a/app/views/admins/user_search.html.haml
+++ b/app/views/admins/user_search.html.haml
@@ -12,11 +12,11 @@
 = form_tag 'user_search', :method => :get do
   username:
   = text_field_tag 'user[username]', params[:user][:username]
-  
+
   email:
   = text_field_tag 'user[email]', params[:user][:email]
 
-  invitation identifier 
+  invitation identifier
   = text_field_tag 'user[invitation_identifier]', params[:user][:invitation_identifier]
 
   invitation token:
@@ -36,14 +36,11 @@
     - if user.person.profile
       = user.person.profile.inspect
     %br
-  = "invite token: #{accept_invitation_url(user, :invitation_token => user.invitation_token)}" if user.invitation_token 
+  = "invite token: #{accept_invitation_url(user, :invitation_token => user.invitation_token)}" if user.invitation_token
   = link_to "add 10 invites for this user", add_invites_path(:user_id => user.id)
   %br
   %br
   %br
-%h3 your auth token
-%h2= current_user.authentication_token
-= link_to "reset auth token", new_auth_token_path
 %br
 = javascript_include_tag 'apiconsole'
 #query
diff --git a/app/views/aspects/index.html.haml b/app/views/aspects/index.html.haml
index 979eda06a106f1164d9c87b11ee972378ce74202..d98923c379613cb27f4343a6b57d3e3771ae75fa 100644
--- a/app/views/aspects/index.html.haml
+++ b/app/views/aspects/index.html.haml
@@ -22,6 +22,8 @@
 
   %h4.section.invite_friends
     != t('bookmarklet.explanation', :link => link_to(t('bookmarklet.explanation_link_text'), bookmarklet))
+  - if current_user.auth_tokenable?
+    %h4.section.invite_friends= link_to "Generate an authentication token for Cubbi.es", token_path
   - if @invites > 0
     .section.invite_friends
       %h4= t('shared.invitations.invite_your_friends')
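Review bot: The new link text `"Generate an authentication token for Cubbi.es"` is a hard-coded English string, while the neighbouring lines go through `t(...)`; moving it to a locale key keeps the view consistent. The `current_user.auth_tokenable?` test here only hides the link, so the filter in TokensController remains the actual access check and must stay in place if this view changes.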
diff --git a/app/views/tokens/show.html.haml b/app/views/tokens/show.html.haml
new file mode 100644
index 0000000000000000000000000000000000000000..aba67155f1a2381e9f27923a9bfbbfde5e25f69e
--- /dev/null
+++ b/app/views/tokens/show.html.haml
@@ -0,0 +1,16 @@
+%h3
+  This is a temporary hack while we develop a more general application framework.
+%div
+  - if current_user.authentication_token
+    %h4= current_user.authentication_token
+  - else
+    %h4 No authentication token set.
+%div
+  = form_tag(token_path) do
+    =submit_tag "Generate new authentication token"
+%br
+%div
+  %h4
+    Click settings on
+    = link_to "Cubbi.es", 'http://cubbi.es'
+    to share your internet folder with the internet!
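Review bot: `%h4= current_user.authentication_token` renders a long-lived credential on every GET of this page, so the value can linger in browser caches, back-button history and screenshots. Consider showing it only on the response that follows generation, or at least having the `show` action send `Cache-Control: no-store`. The closing text then links to `http://cubbi.es` over plain HTTP; if the token is meant to be pasted into that site's settings (inferred from the wording), an `https://` link is worth confirming.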
diff --git a/config/app.yml.example b/config/app.yml.example
index ce5feaaa3b1b34d265d407ac1ef0aebbaaf32185..b7f529bed42fa79ba80be0878c66e5c6648eac07 100644
--- a/config/app.yml.example
+++ b/config/app.yml.example
@@ -87,6 +87,11 @@ default:
   admins:
     - 'example_user1dsioaioedfhgoiesajdigtoearogjaidofgjo'
 
+  #List of users who can generate auth tokens
+  #Temporary so we can work on apps while oauth is being developed
+  auth_tokenable:
+    - 'iknowthatthismanualauthtokenthingisnoteasyorsecure'
+
   #s3 config, if set, carrierwave will store your photos on s3
   #s3_key: 'key'
   #s3_secret: 'secret'
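Review bot: The comment on `auth_tokenable` leaves out two things an operator needs to know: entries are lowercased at load by `AppConfig.downcase_usernames`, and every name under `admins` gets the same right because `User#auth_tokenable?` starts with `admin? ||`. I would extend it to `#List of users who can generate auth tokens (admins always can; names are matched in lowercase)`. Since the placeholder entry itself says this mechanism is not secure, the comment could also ask that the list be kept as short as possible.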
diff --git a/config/routes.rb b/config/routes.rb
index ed560372cffad8772e10b8e3d6b31f267a3713e5..de9ddc7a1abf13655865969bd80905fd7c20c085 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -67,6 +67,8 @@ Diaspora::Application.routes.draw do
     resources :photos, :controller => "photos", :only => [:create, :show, :destroy]
   end
 
+  #Temporary token_authenticable route
+  resource :token, :only => [:show, :create]
 
   get 'login' => redirect('/users/sign_in')
 
@@ -74,7 +76,6 @@ Diaspora::Application.routes.draw do
     match 'user_search'   => :user_search
     get   'admin_inviter' => :admin_inviter
     get   'add_invites'   => :add_invites, :as => 'add_invites'
-    get   'generate_new_token' => :generate_new_token, :as => 'new_auth_token'
   end
 
   resource :profile
diff --git a/lib/app_config.rb b/lib/app_config.rb
index ee6fa35b35a6395ed2bea052e1193ab3eef9aa18..d7ec20a14ba5e1047708b1c95c1b88b90da3e967 100644
--- a/lib/app_config.rb
+++ b/lib/app_config.rb
@@ -23,7 +23,7 @@ class AppConfig
     generate_pod_uri
     normalize_pod_url
     check_pod_uri
-    downcase_admins
+    downcase_usernames
   end
 
   def self.load_config_for_environment(env)
@@ -77,9 +77,11 @@ class AppConfig
   end
 
 
-  def self.downcase_admins
-    self.config_vars[:admins] ||= []
-    self.config_vars[:admins].collect! { |admin| admin.downcase }
+  def self.downcase_usernames
+    [:admins, :auth_tokenable].each do |key|
+      self.config_vars[key] ||= []
+      self.config_vars[key].collect! { |username| username.downcase }
+    end
   end
 
   def self.load_config_yaml filename
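Review bot: `downcase_usernames` assumes each key holds an array of strings: a scalar value instead of a list in app.yml, or an entry that YAML parses as a number, makes `collect!` or `downcase` raise NoMethodError during config load. `self.config_vars[key] = Array(self.config_vars[key]).map { |username| username.to_s.downcase }` normalises both cases and also covers the missing-key default. Because these two lists decide who is an admin and who may generate tokens, a short comment saying so above the method would help the next reader.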
diff --git a/spec/controllers/admins_controller_spec.rb b/spec/controllers/admins_controller_spec.rb
index e4e1de6fbb48df944d5b3d85f81de006d6718c51..c56bc6e339b8c5594db3a6cfb425810a721a2cce 100644
--- a/spec/controllers/admins_controller_spec.rb
+++ b/spec/controllers/admins_controller_spec.rb
@@ -58,24 +58,6 @@ describe AdminsController do
       end
     end
   end
-  
-  describe '#generate_new_token' do
-    before do
-      AppConfig[:admins] = [@user.username]
-    end
-
-    it 'generates a new token for the current user' do
-      lambda { 
-        get 'generate_new_token' 
-      }.should change{ @user.reload.authentication_token }
-    end
-
-    it 'displays a token' do
-      get 'generate_new_token' 
-      get :user_search
-      response.body.should include(@user.reload.authentication_token)
-    end
-  end
 
   describe '#admin_inviter' do
     context 'admin signed in' do
diff --git a/spec/controllers/tokens_controller_spec.rb b/spec/controllers/tokens_controller_spec.rb
new file mode 100644
index 0000000000000000000000000000000000000000..da28cf401187e9a1727568ed117fafcf721491a2
--- /dev/null
+++ b/spec/controllers/tokens_controller_spec.rb
@@ -0,0 +1,27 @@
+describe TokensController do
+  before do
+    AppConfig[:admins] = [bob.username]
+    AppConfig[:auth_tokenable] = [eve.username]
+  end
+  describe '#create' do
+    it 'generates a new token for the current user' do
+      sign_in bob
+      lambda {
+        get :create
+      }.should change{ bob.reload.authentication_token }
+    end
+    it 'redirects normal users away' do
+      sign_in alice
+      get :create
+      response.should redirect_to root_url
+    end
+  end
+  describe '#edit' do
+    it 'displays a token' do
+      sign_in bob
+      get :create
+      get :show
+      response.body.should include(bob.reload.authentication_token)
+    end
+  end
+end
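Review bot: The spec sets `AppConfig[:auth_tokenable] = [eve.username]` but never signs in as eve, so the new allowlist branch of `auth_tokenable?` is not exercised, and 'redirects normal users away' does not assert that alice's token stayed unchanged. The examples also call `get :create` although `resource :token` routes `create` to POST, and the second group is labelled `#edit` while it tests `show`. The added and changed examples are below; a case for a signed-out request would be a useful addition as well.

```ruby
# … unchanged: before block and the admin example (with `post :create`) …
    it 'generates a new token for a user on the auth_tokenable list' do
      sign_in eve
      lambda {
        post :create
      }.should change{ eve.reload.authentication_token }
    end
    it 'redirects normal users away without changing their token' do
      sign_in alice
      lambda {
        post :create
      }.should_not change{ alice.reload.authentication_token }
      response.should redirect_to root_url
    end
  end
  describe '#show' do
# … unchanged: 'displays a token' example (with `post :create`) …
```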