Validate Token

 
MethodURIDescription
GET/v2.0/OS-KSVALIDATE/token/validate​{?belongsTo,​HP-IDM-serviceId}

Checks that a token is valid and that it belongs to a specified tenant and service IDs. Returns the permissions for a particular client.

Behavior is similar to /tokens/{tokenId}. An itemNotFound (404) fault is returned for a token that is not valid.

This extension might decrypt X-Subject-Token header and internally call the normal validation for Identity, passing in all headers and query parameters. It should therefore support all existing calls on /tokens/{tokenId}, including extensions such as HP-IDM.

Normal response codes: 200, 203

Error response codes: identityFault (400, 500, ), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

 Request

This table shows the header parameters for the validate token request:

NameTypeDescription

X-Auth-Token

​String

(Required)

A valid authentication token for an administrative user.

X-Subject-Token

​String

(Required)

A valid authentication token.

This operation does not require a request body.

 Response

 

Example 4.83. Validate Token: XML response

<?xml version="1.0" encoding="UTF-8"?>
<access xmlns="http://docs.openstack.org/identity/api/v2.0">
    <token id="ab48a9efdfedb23ty3494" expires="2010-11-01T03:32:15-05:00">
        <tenant id="456" name="My Project" />
    </token>
    <user id="123" name="jqsmith">
        <roles xmlns="http://docs.openstack.org/identity/api/v2.0">
            <role id="123" name="Admin" tenantId="one"/>
            <role id="234" name="object-store:admin" tenantId="1"/>
        </roles>
    </user>
</access>

 

Example 4.84. Validate Token: JSON response

{
    "access":{
        "token":{
            "id": "ab48a9efdfedb23ty3494",
            "expires": "2010-11-01T03:32:15-05:00",
            "tenant":{
                "id": "345",
                "name": "My Project"
            }
        },
        "user":{
            "id": "123",
            "name": "jqsmith",
            "roles":[{
                    "id": "234",
                    "name": "compute:admin"
                },
                {
                    "id": "234",
                    "name": "object-store:admin",
                    "tenantId": "1"
                }
            ],
            "roles_links":[]
        }
    }
}

Questions? Discuss on ask.openstack.org
Found an error? Report a bug against this page

loading table of contents...