The user used to have an environment with just a master, and getting the user API token was done with a simple query to the master. After adding JOC with SSO, it is no longer possible to query the master directly with just username:password to retrieve the API token.
The ability to retrieve the API token is useful for applications that have no knowledge of how Jenkins works, and just want to provide their credentials(username:password) to execute a command.
CloudBees Jenkins Operations Center
The JOC needs to be queried directly to retrieve the API token. This token will be usable across all connected client masters. An example can be found below.
curl 'http://<username>:<password>@<joc-host>:<port>/user/<user>/configure' | grep apiToken curl 'http://<username>:<USER-API-TOKEN-FROM-JOC>@<jenkins-master-host>:<port>/<job-trigger-path>'