Jenkins 2.129 introduced a new API token system (see Security Hardening: New API token system).
The recommendation is for users to delete their existing (legacy) tokens, and replace them (if they are required) with a newly generated non-legacy token.
However, I cannot do that for a service account that cannot log in.
- Previously, administrators could generate tokens on behalf of such users.
- In 2.129+, an administrator can generate a new value for an existing legacy token, but cannot generate a new non-legacy token for a service user.
Administrators should be able to generate a token for a service account.