This description relates to techniques for authenticating an application through generation of a dynamic application-specific token. A client application executing on a client device receives a request from a server for a token. The client application accesses a resource file or portion thereof that is accessible to both the client application and authenticator and is known to be accessible to the client application by the authenticator in response to the request for the token and extracts a copy of the resource file or the portion. A token is generated based on the extracted copy and additional information factors if any, some of which may be random or pseudo-random. The token is transmitted to the server for authentication.