TokenReview attempts to authenticate a token to a known user. Note: TokenReview requests may be cached by the webhook token authenticator plugin in the kube-apiserver.
Expand or mouse-over a field for more information about it.
apiVersion:kind:metadata:
annotations:
[string]:clusterName:creationTimestamp:deletionGracePeriodSeconds:deletionTimestamp:finalizers:
- [string]:generateName:generation:initializers:
pending:
- name:result:
apiVersion:code:details:
causes:
- field:message:reason:group:kind:name:retryAfterSeconds:uid:kind:message:metadata:
continue:resourceVersion:selfLink:reason:status:labels:
[string]:name:namespace:ownerReferences:
- apiVersion:blockOwnerDeletion:controller:kind:name:uid:resourceVersion:selfLink:uid:spec:
token:status:
authenticated:error:user:
extra:
[string]:groups:
- [string]:uid:username:
Create a TokenReview
POST /apis/authentication.k8s.io/v1beta1/tokenreviews HTTP/1.1
Authorization: Bearer $TOKEN
Accept: application/json
Connection: close
Content-Type: application/json'
{
"kind": "TokenReview",
"apiVersion": "authentication.k8s.io/v1beta1",
...
}
$ curl -k \
-X POST \
-d @- \
-H "Authorization: Bearer $TOKEN" \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
https://$ENDPOINT/apis/authentication.k8s.io/v1beta1/tokenreviews <<'EOF'
{
"kind": "TokenReview",
"apiVersion": "authentication.k8s.io/v1beta1",
...
}
EOF