| Method | URI | Description |
|---|---|---|
| GET | /v2.0/OS-KSVALIDATE/token/validate{?belongsTo,HP-IDM-serviceId} | Checks that a token is valid and that it belongs to a specified tenant and service IDs. Returns the permissions for a particular client. |
Behavior is
similar to /tokens/{tokenId}. An
itemNotFound (404) fault is returned for
a token that is not valid.
This extension
might decrypt X-Subject-Token header and internally
call the normal validation for Identity,
passing in all headers and query parameters. It should
therefore support all existing calls on
/tokens/{tokenId}, including
extensions such as HP-IDM.
Normal response codes: 200, 203
Error response codes: identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
This table shows the header parameters for the validate token request:
| Name | Type | Description |
|---|---|---|
| String (Required) | A valid authentication token for an administrative user. |
| String (Required) | A valid authentication token. |
This operation does not require a request body.
Example 4.83. Validate Token: XML response
<?xml version="1.0" encoding="UTF-8"?>
<access xmlns="http://docs.openstack.org/identity/api/v2.0">
<token id="ab48a9efdfedb23ty3494" expires="2010-11-01T03:32:15-05:00">
<tenant id="456" name="My Project" />
</token>
<user id="123" name="jqsmith">
<roles xmlns="http://docs.openstack.org/identity/api/v2.0">
<role id="123" name="Admin" tenantId="one"/>
<role id="234" name="object-store:admin" tenantId="1"/>
</roles>
</user>
</access>
Example 4.84. Validate Token: JSON response
{
"access":{
"token":{
"id": "ab48a9efdfedb23ty3494",
"expires": "2010-11-01T03:32:15-05:00",
"tenant":{
"id": "345",
"name": "My Project"
}
},
"user":{
"id": "123",
"name": "jqsmith",
"roles":[{
"id": "234",
"name": "compute:admin"
},
{
"id": "234",
"name": "object-store:admin",
"tenantId": "1"
}
],
"roles_links":[]
}
}
}