Method | URI | Description |
---|---|---|
GET | /v2.0/OS-KSVALIDATE/token/validate{?belongsTo,HP-IDM-serviceId} | Checks that a token is valid and that it belongs to a specified tenant and service IDs. Returns the permissions for a particular client. |
Behavior is
similar to /tokens/{tokenId}
. An
itemNotFound (404
) fault is returned for
a token that is not valid.
This extension
might decrypt X-Subject-Token
header and internally
call the normal validation for Identity,
passing in all headers and query parameters. It should
therefore support all existing calls on
/tokens/{tokenId}
, including
extensions such as HP-IDM.
Normal response codes: 200, 203
Error response codes: identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
This table shows the header parameters for the validate token request:
Name | Type | Description |
---|---|---|
| String (Required) | A valid authentication token for an administrative user. |
| String (Required) | A valid authentication token. |
This operation does not require a request body.
Example 4.83. Validate Token: XML response
<?xml version="1.0" encoding="UTF-8"?> <access xmlns="http://docs.openstack.org/identity/api/v2.0"> <token id="ab48a9efdfedb23ty3494" expires="2010-11-01T03:32:15-05:00"> <tenant id="456" name="My Project" /> </token> <user id="123" name="jqsmith"> <roles xmlns="http://docs.openstack.org/identity/api/v2.0"> <role id="123" name="Admin" tenantId="one"/> <role id="234" name="object-store:admin" tenantId="1"/> </roles> </user> </access>
Example 4.84. Validate Token: JSON response
{ "access":{ "token":{ "id": "ab48a9efdfedb23ty3494", "expires": "2010-11-01T03:32:15-05:00", "tenant":{ "id": "345", "name": "My Project" } }, "user":{ "id": "123", "name": "jqsmith", "roles":[{ "id": "234", "name": "compute:admin" }, { "id": "234", "name": "object-store:admin", "tenantId": "1" } ], "roles_links":[] } } }