diff --git a/api/modules/authserver/models/AuthenticationForm.php b/api/modules/authserver/models/AuthenticationForm.php
index c12df0b..41a99d2 100644
--- a/api/modules/authserver/models/AuthenticationForm.php
+++ b/api/modules/authserver/models/AuthenticationForm.php
@@ -14,6 +14,7 @@ use common\helpers\Error as E;
 use common\models\Account;
 use common\models\OauthClient;
 use common\models\OauthSession;
+use Ramsey\Uuid\Uuid;
 use Webmozart\Assert\Assert;
 use Yii;
 
@@ -41,7 +42,7 @@ class AuthenticationForm extends ApiForm {
 
     public function rules(): array {
         return [
-            [['username', 'password', 'clientToken'], RequiredValidator::class],
+            [['username', 'password'], RequiredValidator::class],
             [['clientToken'], ClientTokenValidator::class],
             [['requestUser'], 'boolean'],
         ];
@@ -110,8 +111,9 @@ class AuthenticationForm extends ApiForm {
         /** @var Account $account */
         $account = $loginForm->getAccount();
 
-        $token = Yii::$app->tokensFactory->createForMinecraftAccount($account, $this->clientToken);
-        $dataModel = new AuthenticateData($account, (string)$token, $this->clientToken, (bool)$this->requestUser);
+        $clientToken = $this->clientToken ?: Uuid::uuid4()->toString();
+        $token = Yii::$app->tokensFactory->createForMinecraftAccount($account, $clientToken);
+        $dataModel = new AuthenticateData($account, (string)$token, $clientToken, (bool)$this->requestUser);
         /** @var OauthSession|null $minecraftOauthSession */
         $minecraftOauthSession = $account->getOauthSessions()
             ->andWhere(['client_id' => OauthClient::UNAUTHORIZED_MINECRAFT_GAME_LAUNCHER])
diff --git a/api/tests/functional/authserver/AuthorizationCest.php b/api/tests/functional/authserver/AuthorizationCest.php
index d5ebefa..b7b1b06 100644
--- a/api/tests/functional/authserver/AuthorizationCest.php
+++ b/api/tests/functional/authserver/AuthorizationCest.php
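Review bot: The fallback `$this->clientToken ?: Uuid::uuid4()->toString()` in the third hunk tests truthiness, so a client-supplied token of `'0'` (non-UUID tokens appear to be accepted in principle, judging by the tooLongClientToken test, subject to whatever ClientTokenValidator enforces) is silently discarded and a freshly generated UUID is issued and bound to the session instead, so the clientToken in the response no longer matches what the client sent. An explicit absence check, `$clientToken = ($this->clientToken === null || $this->clientToken === '') ? Uuid::uuid4()->toString() : $this->clientToken;`, generates a token only when the field was genuinely omitted. Because the field is no longer required (second hunk), a short comment such as `// clientToken is optional: generate one and return it so the client can persist it for later refresh/validate calls` would record the intent; the "returned to the client" part is inferred from AuthenticateData receiving $clientToken and should be confirmed. Whether ClientTokenValidator still bounds the length of every non-empty token when it is no longer preceded by RequiredValidator cannot be verified from this hunk. The enclosing method starts before and continues after the hunk.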
@@ -107,6 +107,16 @@ class AuthorizationCest {
         ]);
     }
 
+    public function withoutClientToken(FunctionalTester $I): void {
+        $I->sendPOST('/api/authserver/authentication/authenticate', [
+            'username' => 'admin',
+            'password' => 'password_0',
+        ]);
+        $I->canSeeResponseCodeIs(200);
+        $clientToken = $I->grabDataFromResponseByJsonPath('$.clientToken')[0];
+        $I->assertNotEmpty($clientToken);
+    }
+
     public function tooLongClientToken(FunctionalTester $I) {
         $I->wantTo('send non uuid clientToken with more then 255 characters length');
         $I->sendPOST('/api/authserver/authentication/authenticate', [
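Review bot: withoutClientToken only asserts that the returned clientToken is non-empty, so a regression that echoed back any arbitrary non-empty string, or a fixed value, would still pass; asserting the format pins the new generate-a-UUID behaviour, e.g. `$I->assertTrue(Uuid::isValid($clientToken));` with a `use Ramsey\Uuid\Uuid;` import in the Cest, or an equivalent UUID regular-expression assertion. A `$I->wantTo('authenticate without a clientToken and receive a generated one');` line would also keep the new test consistent with its neighbours. The enclosing class starts before the hunk.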