diff --git a/packages/node_modules/@node-red/editor-api/lib/auth/strategies.js b/packages/node_modules/@node-red/editor-api/lib/auth/strategies.js
index 879b3f55b..e18925c19 100644
--- a/packages/node_modules/@node-red/editor-api/lib/auth/strategies.js
+++ b/packages/node_modules/@node-red/editor-api/lib/auth/strategies.js
@@ -92,10 +92,16 @@ var passwordTokenExchange = function(client, username, password, scope, done) {
                 loginAttempts = loginAttempts.filter(function(logEntry) {
                     return logEntry.user !== username;
                 });
-                Tokens.create(username,client.id,scope).then(function(tokens) {
-                    log.audit({event: "auth.login",user,username:username,client:client.id,scope:scope});
-                    done(null,tokens.accessToken,null,{expires_in:tokens.expires_in});
-                });
+                // Check if the user contains a user defined token and use it
+                // instead of generating a new token
+                if(user.token){
+                    done(null,user.token,null,null);
+                } else {
+                    Tokens.create(username,client.id,scope).then(function(tokens) {
+                        log.audit({event: "auth.login",user,username:username,client:client.id,scope:scope});
+                        done(null,tokens.accessToken,null,{expires_in:tokens.expires_in});
+                    });
+                }
             } else {
                 log.audit({event: "auth.login.fail.permissions",username:username,client:client.id,scope:scope});
                 done(null,false);
diff --git a/test/unit/@node-red/editor-api/lib/auth/strategies_spec.js b/test/unit/@node-red/editor-api/lib/auth/strategies_spec.js
index 9fafc11ed..0da23d66a 100644
--- a/test/unit/@node-red/editor-api/lib/auth/strategies_spec.js
+++ b/test/unit/@node-red/editor-api/lib/auth/strategies_spec.js
@@ -92,7 +92,23 @@ describe("api/auth/strategies", function() {
                     tokenCreate.restore();
                 }
             });
+        });
 
+        it('Uses provided token on authentication success and token provided',function(done) {
+            userAuthentication = sinon.stub(Users,"authenticate").callsFake(function(username,password) {
+                return Promise.resolve({username:"user",permissions:"*",token:"123456"});
+            });
+
+            strategies.passwordTokenExchange({id:"myclient"},"user","password","read",function(err,token) {
+                try {
+                    should.not.exist(err);
+                    token.should.equal("123456");
+                    done();
+                } catch(e) {
+                    done(e);
+                }
+            });
+        
         });
     });