Disable token login auth for web GUI

We’ve setup OIDC as our login method for the web interface, and now we’re looking to disable token logins. I think I just need to run vault auth disable token/ but Im hoping that doesnt stop tokens for the CLI.

The token auth backend is core functionality of Vault which cannot be disabled.

This is because a token is what results from logging in with any other auth method.

Logging in with the token auth method isn’t really logging in - it’s really saying “I already logged in and here’s the evidence”.

Noted. Perhaps “disabled” should be replaced with “hidden” then?
Updating settings under /sys/auth – would that work better?

No such setting exists

Is the ‘listing_visibility’ setting not valid for the token login? /sys/auth - HTTP API | Vault by HashiCorp