Method | URI | Description |
---|---|---|
POST | /v2.0/tokens | Authenticates and generates a token. |
Client authentication is provided through a ReST interface by using the POST method with v2.0/tokens supplied as the path. Include a payload of credentials in the body.
The Identity API is a ReSTful web service. It is the entry point to all service APIs. To access the Identity API, you must know its URL.
Each ReST request against the Identity API requires the X-Auth-Token header. Clients obtain this token, along with the URL to other service APIs, by first authenticating against the Identity Service with valid credentials.
If the authentication token has expired, a 401 response code is returned.
If the subject token has expired, this call returns a 404 response code.
The Identity API treats expired tokens as invalid tokens.
The deployment determines how long expired tokens are stored.
As the following example responses show, the response to an authentication request returns the token ID in the X-Subject-Token header instead of in the token data.
Normal response codes: 200, 203
Error response codes: identityFault (400, 500, …), userDisabled (403), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Example 3.1. Authenticate with credentials: JSON request
```json
{
    "auth": {
        "passwordCredentials": {
            "username": "test_user",
            "password": "mypass"
        },
        "tenantName": "customer-x"
    }
}
```
Example 3.2. Authenticate with credentials: XML request
```xml
<?xml version="1.0" encoding="UTF-8"?>
<auth xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns="http://docs.openstack.org/identity/api/v2.0"
      tenantName="customer-x">
    <passwordCredentials username="test_user" password="test"/>
</auth>
```
Example 3.3. Authenticate with credentials: JSON response
```json
{
    "access": {
        "token": {
            "id": "ab48a9efdfedb23ty3494",
            "expires": "2010-11-01T03:32:15-05:00",
            "tenant": {
                "id": "t1000",
                "name": "My Project"
            }
        },
        "user": {
            "id": "u123",
            "name": "jqsmith",
            "roles": [
                {
                    "id": "100",
                    "name": "compute:admin"
                },
                {
                    "id": "101",
                    "name": "object-store:admin",
                    "tenantId": "t1000"
                }
            ],
            "roles_links": []
        },
        "serviceCatalog": [
            {
                "name": "Cloud Servers",
                "type": "compute",
                "endpoints": [
                    {
                        "tenantId": "t1000",
                        "publicURL": "https://compute.north.host.com/v1/t1000",
                        "internalURL": "https://compute.north.internal/v1/t1000",
                        "region": "North",
                        "versionId": "1",
                        "versionInfo": "https://compute.north.host.com/v1/",
                        "versionList": "https://compute.north.host.com/"
                    },
                    {
                        "tenantId": "t1000",
                        "publicURL": "https://compute.north.host.com/v1.1/t1000",
                        "internalURL": "https://compute.north.internal/v1.1/t1000",
                        "region": "North",
                        "versionId": "1.1",
                        "versionInfo": "https://compute.north.host.com/v1.1/",
                        "versionList": "https://compute.north.host.com/"
                    }
                ],
                "endpoints_links": []
            },
            {
                "name": "Cloud Files",
                "type": "object-store",
                "endpoints": [
                    {
                        "tenantId": "t1000",
                        "publicURL": "https://storage.north.host.com/v1/t1000",
                        "internalURL": "https://storage.north.internal/v1/t1000",
                        "region": "North",
                        "versionId": "1",
                        "versionInfo": "https://storage.north.host.com/v1/",
                        "versionList": "https://storage.north.host.com/"
                    },
                    {
                        "tenantId": "t1000",
                        "publicURL": "https://storage.south.host.com/v1/t1000",
                        "internalURL": "https://storage.south.internal/v1/t1000",
                        "region": "South",
                        "versionId": "1",
                        "versionInfo": "https://storage.south.host.com/v1/",
                        "versionList": "https://storage.south.host.com/"
                    }
                ]
            },
            {
                "name": "DNS-as-a-Service",
                "type": "dnsextension:dns",
                "endpoints": [
                    {
                        "tenantId": "t1000",
                        "publicURL": "https://dns.host.com/v2.0/t1000",
                        "versionId": "2.0",
                        "versionInfo": "https://dns.host.com/v2.0/",
                        "versionList": "https://dns.host.com/"
                    }
                ]
            }
        ]
    }
}
```
Example 3.4. Authenticate with credentials: XML response
```xml
<?xml version="1.0" encoding="UTF-8"?>
<access xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns="http://docs.openstack.org/identity/api/v2.0">
    <token id="ab48a9efdfedb23ty3494" expires="2010-11-01T03:32:15-05:00">
        <tenant id="t1000" name="My Project" />
    </token>
    <user id="u123" name="jqsmith">
        <roles>
            <role id="100" name="compute:admin"/>
            <role id="101" name="object-store:admin" tenantId="t1000"/>
        </roles>
    </user>
    <serviceCatalog>
        <service type="compute" name="Cloud Servers">
            <endpoint tenantId="t1000" region="North"
                      publicURL="https://compute.north.host.com/v1/t1000"
                      internalURL="https://compute.north.host.internal/v1/t1000">
                <version id="1" info="https://compute.north.host.com/v1/"
                         list="https://compute.north.host.com/" />
            </endpoint>
            <endpoint tenantId="t1000" region="North"
                      publicURL="https://compute.north.host.com/v1.1/t1000"
                      internalURL="https://compute.north.host.internal/v1.1/t1000">
                <version id="1.1" info="https://compute.north.host.com/v1.1/"
                         list="https://compute.north.host.com/" />
            </endpoint>
        </service>
        <service type="object-store" name="Cloud Files">
            <endpoint tenantId="t1000" region="North"
                      publicURL="https://storage.north.host.com/v1/t1000"
                      internalURL="https://storage.north.host.internal/v1/t1000">
                <version id="1" info="https://storage.north.host.com/v1/"
                         list="https://storage.north.host.com/" />
            </endpoint>
            <endpoint tenantId="t1000" region="South"
                      publicURL="https://storage.south.host.com/v1/t1000"
                      internalURL="https://storage.south.host.internal/v1/t1000">
                <version id="1" info="https://storage.south.host.com/v1/"
                         list="https://storage.south.host.com/" />
            </endpoint>
        </service>
        <service type="dnsextension:dns" name="DNS-as-a-Service">
            <endpoint tenantId="t1000"
                      publicURL="https://dns.host.com/v2.0/t1000">
                <version id="2.0" info="https://dns.host.com/v2.0/"
                         list="https://dns.host.com/" />
            </endpoint>
        </service>
    </serviceCatalog>
</access>
```
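The following added example, which is not part of the original API reference, shows how a client can handle a JSON response in the shape of Example 3.3: check the token's `expires` value before reuse, pick a service endpoint by type and region, and refuse to send the X-Auth-Token header to a non-HTTPS URL. The function names, the 60-second skew margin and the `legacy` catalog entry are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample: trimmed to the shape of Example 3.3, plus one
# hypothetical plain-HTTP "legacy" entry to exercise the scheme check.
SAMPLE = json.loads("""
{"access": {
  "token": {"id": "ab48a9efdfedb23ty3494",
            "expires": "2010-11-01T03:32:15-05:00",
            "tenant": {"id": "t1000", "name": "My Project"}},
  "serviceCatalog": [
    {"name": "Cloud Files", "type": "object-store", "endpoints": [
      {"region": "North", "publicURL": "https://storage.north.host.com/v1/t1000"},
      {"region": "South", "publicURL": "https://storage.south.host.com/v1/t1000"}]},
    {"name": "Legacy", "type": "legacy", "endpoints": [
      {"region": "North", "publicURL": "http://legacy.host.com/v1/t1000"}]}]}}
""")


def token_is_usable(access, now, skew=timedelta(seconds=60)):
    """True while more than `skew` remains before the token's `expires` time.

    `now` must be timezone-aware; `expires` carries its own UTC offset.
    """
    expires = datetime.fromisoformat(access["token"]["expires"])
    return now + skew < expires


def pick_endpoint(access, service_type, region):
    """Return the publicURL for a service type and region, HTTPS only."""
    for service in access["serviceCatalog"]:
        if service["type"] != service_type:
            continue
        for endpoint in service["endpoints"]:
            # Some catalog entries (the DNS one in Example 3.3) have no region.
            if endpoint.get("region") == region:
                url = endpoint["publicURL"]
                if urlsplit(url).scheme != "https":
                    raise ValueError("refusing to send X-Auth-Token to " + url)
                return url
    raise LookupError(f"no {service_type} endpoint in region {region}")


def auth_headers(access):
    """Headers for a follow-up request to another service API."""
    return {"X-Auth-Token": access["token"]["id"], "Accept": "application/json"}
```

A client that still receives a 401 after this local check should discard the cached token and authenticate again rather than retry with the same token.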