364462e2db
This patch modifies parameters name to make it be maintainable and reusable Change-Id: I0dc5fb29f3eef5e1269a36df4cd952ed54267f88
174 lines
4.1 KiB
ReStructuredText
174 lines
4.1 KiB
ReStructuredText
.. -*- rst -*-
|
|
|
|
======
|
|
Tokens
|
|
======
|
|
|
|
|
|
List endoints for token
|
|
=======================
|
|
|
|
.. rest_method:: GET /v2.0/tokens/{tokenId}/endpoints
|
|
|
|
Lists the endpoints associated with a token.
|
|
|
|
Normal response codes: 200,203
|
|
Error response codes: 413,405,404,403,401,400,503
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- tokenId: token_id_path
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: samples/admin/token-endpoints-list-response.json
|
|
:language: javascript
|
|
|
|
|
|
Authenticate for admin API
|
|
==========================
|
|
|
|
.. rest_method:: POST /v2.0/tokens
|
|
|
|
Authenticates and generates a token.
|
|
|
|
A REST interface provides client authentication by using the POST
|
|
method with ``v2.0/tokens`` as the path. Include a payload of
|
|
credentials in the body.
|
|
|
|
The Identity API is a RESTful web service. It is the entry point to
|
|
all service APIs. To access the Identity API, you must know its
|
|
URL.
|
|
|
|
Each REST request against the Identity Service requires the ``X
|
|
-Auth-Token`` header. Clients obtain this token and the URL
|
|
endpoints for other service APIs by supplying their valid
|
|
credentials to the authentication service.
|
|
|
|
If the authentication token has expired, this call returns the HTTP
|
|
``unauthorized (401)`` response code.
|
|
|
|
If the token has expired, this call returns the ``itemNotFound
|
|
(404)`` response code.
|
|
|
|
The Identity API treats expired tokens as no longer valid tokens.
|
|
|
|
The deployment determines how long expired tokens are stored.
|
|
|
|
To view the ``trust`` object, you need to set ``trust`` enable on
|
|
the keystone configuration.
|
|
|
|
Normal response codes: 200,203
|
|
Error response codes: 413,405,404,403,401,400,503
|
|
|
|
Request Example
|
|
---------------
|
|
|
|
.. literalinclude:: ../v2/samples/admin/authenticate-token-request.json
|
|
:language: javascript
|
|
|
|
Response Parameters
|
|
-------------------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- token: token
|
|
- access: access
|
|
- issued_at: token_issued_at
|
|
- expires: token_expires
|
|
- id: token_id
|
|
- tenant: tenant
|
|
- description: tenant_description
|
|
- serviceCatalog: serviceCatalog
|
|
- type: serviceCatalog_type
|
|
- endpoints_links: serviceCatalog_endpoints_links
|
|
- impersonation: impersonation
|
|
- endpoints: endpoints
|
|
- user: user
|
|
- roles: roles
|
|
- metadata: metadata
|
|
- trust: trust
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: ../v2/samples/admin/authenticate-response.json
|
|
:language: javascript
|
|
|
|
|
|
Validate token
|
|
==============
|
|
|
|
.. rest_method:: GET /v2.0/tokens/{tokenId}
|
|
|
|
Validates a token and confirms that it belongs to a tenant.
|
|
|
|
Returns the permissions relevant to a particular client. Valid
|
|
tokens are in the ``/tokens/{tokenId}`` path. If the token is not
|
|
valid, this call returns the ``itemNotFound (404)`` response code.
|
|
This method supports an optional parameter ``belongsTo`` to check
|
|
the token scope against the ID of a project. If the token does
|
|
not belong to the project specified in the parameter a
|
|
``unauthorized (401)`` response code will be returned.
|
|
|
|
Normal response codes: 200,203
|
|
Error response codes: 413,405,404,403,401,400,503
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- tokenId: token_id_path
|
|
- belongsTo: belongsTo
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: samples/admin/token-validate-response.json
|
|
:language: javascript
|
|
|
|
|
|
Validate token (admin)
|
|
======================
|
|
|
|
.. rest_method:: HEAD /v2.0/tokens/{tokenId}
|
|
|
|
Validates a token and confirms that it belongs to a tenant, for performance.
|
|
This method supports an optional parameter ``belongsTo`` to check
|
|
the token scope against the ID of a project. If the token does
|
|
not belong to the project specified in the parameter a
|
|
``unauthorized (401)`` response code will be returned.
|
|
|
|
Normal response codes: 200,203,204
|
|
Error response codes: 413,405,404,403,401,400,503
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- tokenId: token_id_path
|
|
- belongsTo: belongsTo
|
|
|
|
Delete token
|
|
============
|
|
|
|
.. rest_method:: DELETE /v2.0/tokens/{tokenId}
|
|
|
|
Deletes a token.
|
|
|
|
Normal response codes: 204
|
|
Error response codes: 413,405,404,403,401,400,503
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- tokenId: token_id_path
|