A system includes reception, at a server and in a first browser session, of a request from a client for a token to access a first software service, determination of a token stored in a server memory of the server and associated with the first service and the client, determination, at the server, of whether a validity period of the token is within a predetermined period of expiration, and, if it is determined that the validity period of the token is within a predetermined period of expiration, transmission of a request for a new token to access the first software service from a token provider associated with the first service, reception of the new token from the token provider, and provision of the new token to the client in the first browser session.