Obtaining a Login Token
Function
This API is used to obtain a login token for logging in through a custom identity broker. Login tokens are issued to users to log in through custom identity brokers. Each login token contains identity and session information of a user. To log in to a cloud service console using a custom identity broker URL, call this API to obtain a login token for authentication.
The API can be called using both the global endpoint and region-specific endpoints.
NOTE:
By default, a login token is valid for 10 minutes. You can set a validity period from 10 minutes to 12 hours.
URI
POST /v3.0/OS-AUTH/securitytoken/logintokens
Request Parameters
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| Content-Type | Yes | String | Fill application/json;charset=utf8 in this field. |

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| | Yes | Object | Authentication information. |

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| access | Yes | String | AK. |
| secret | Yes | String | SK. |
| id | Yes | String | Temporary security token. A login token can be obtained using the security token of a custom identity broker user or a common user. For details, see Obtaining a Temporary Access Key and Security Token Through a Token. A security token can be obtained using an agency, and the session_user.name parameter must be specified in the request body. For details, see Obtaining a Temporary Access Key and Security Token Through an Agency. |
| duration_seconds | No | Integer | Validity period (seconds) of the login token. The value ranges from 10 minutes to 12 hours. The default value is 10 minutes, that is, 600 seconds. |
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| X-Subject-LoginToken | String | Signed login token. |

| Parameter | Type | Description |
|---|---|---|
| | Object | Login token information. |

| Parameter | Type | Description |
|---|---|---|
| domain_id | String | Account ID. |
| expires_at | String | Time when the login token will expire. |
| method | String | Authentication method. The value is federation_proxy for a custom identity broker user and is token for a Huawei Cloud user. |
| user_id | String | User ID. |
| user_name | String | Username. |
| session_id | String | Session ID. |
| session_user_id | String | ID of a custom identity broker user. |
| session_name | String | Name of a custom identity broker user. NOTE: This parameter will be returned when you obtain a temporary access key and security token using an agency and specify the session_user.name parameter in the request body. The value of this parameter is the value of session_user.name. |
| | Object | Information about the delegated party. NOTE: This parameter will be returned when you obtain a temporary access key and security token using an agency and specify the session_user.name parameter in the request body. |

| Parameter | Type | Description |
|---|---|---|
| | Object | Information about the delegated party. |

| Parameter | Type | Description |
|---|---|---|
| | Object | Delegated account information. |
| name | String | Username of the delegated party. |
| password_expires_at | String | Expiration time of the password. NOTE: The value is a UTC time in the YYYY-MM-DDTHH:mm:ss.ssssssZ format, for example, 2023-06-28T08:56:33.710000Z. For details about the date and timestamp formats, see ISO-8601. |
| id | String | User ID. |
Example Request
Request for obtaining a login token through a custom identity broker
```
POST https://iam.myhuaweicloud.eu/v3.0/OS-AUTH/securitytoken/logintokens
```

```
{
    "auth": {
        "securitytoken": {
            "access": "LUJHNN4WB569PGAP...",
            "secret": "7qtrm2cku0XubixiVkBOcvMfpnu7H2mLN...",
            "id": "gQpjbi1ub3J0a...",
            "duration_seconds": 600
        }
    }
}
```
Example Response
Status code: 201
The request is successful.
Example 1: Response to the request for obtaining a temporary access key and security token through a token
Example 2: Response to the request for obtaining a temporary access key and security token through an agency (with session_user.name in the request body)
- Example 1

Parameters in the response header

```
X-Subject-LoginToken:MIIatAYJKoZIhvcNAQcCoIIapTCCGqECAQExDTALB...
```

Parameters in the response body

```
{
    "logintoken": {
        "domain_id": "05262121fb00d5c30fbec013bc1...",
        "expires_at": "2020-01-20T08:18:36.447000Z",
        "method": "token",
        "user_id": "0526213b8a80d38a1f31c013ed...",
        "user_name": "IAMUser",
        "session_user_id": "093f75808b8089ba1f6dc000c7cac...",
        "session_id": "40b328b6683a41b9bf8e7185e..."
    }
}
```

- Example 2

Parameters in the response header

```
X-Subject-LoginToken:MIIatAYJKoZIhvcNAQcCoIIapTCCGqECAQExDTALB...
```

Parameters in the response body

```
{
    "logintoken": {
        "domain_id": "05262121fb00d5c30fbec01...",
        "expires_at": "2020-01-23T03:27:26.728000Z",
        "method": "federation_proxy",
        "user_id": "07826f367b80d2474ff9c013a...",
        "user_name": "IAMDomainA/IAMAgency",
        "session_id": "0012c8e6adda4ce787e90585d...",
        "session_user_id": "093f75808b8089ba1f6dc000c7cac...",
        "session_name": "SessionUserName",
        "assumed_by": {
            "user": {
                "domain": {
                    "name": "IAMDomainB",
                    "id": "0659ef9c9c80d4560f14c009ac..."
                },
                "name": "IAMUserB",
                "password_expires_at": "2020-02-16T02:44:57.000000Z",
                "id": "0659ef9d4d00d3b81f26c009fe..."
            }
        }
    }
}
```
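
The following is an added example, not part of the original documentation: a broker-side helper that validates `duration_seconds` against the documented range before the AK/SK are sent, then checks the status code, the `X-Subject-LoginToken` header and `expires_at` on the way back. The function names `build_request` and `parse_response` are hypothetical, and the sample response is constructed with placeholder values modelled on Example 2.

```python
import json
from datetime import datetime, timezone

URI = "/v3.0/OS-AUTH/securitytoken/logintokens"   # from the URI section
MIN_SECONDS, MAX_SECONDS = 600, 12 * 3600         # 10 minutes to 12 hours

def build_request(access, secret, security_token, duration_seconds=MIN_SECONDS):
    """Return (headers, json_body); reject bad input before any secret leaves the host."""
    if isinstance(duration_seconds, bool) or not isinstance(duration_seconds, int):
        raise TypeError("duration_seconds must be an integer")
    if not MIN_SECONDS <= duration_seconds <= MAX_SECONDS:
        raise ValueError("duration_seconds must be within 600..43200")
    if not (access and secret and security_token):
        raise ValueError("access, secret and id are all mandatory")
    body = {"auth": {"securitytoken": {
        "access": access, "secret": secret, "id": security_token,
        "duration_seconds": duration_seconds}}}
    return {"Content-Type": "application/json;charset=utf8"}, json.dumps(body)

def parse_response(status, headers, body_text, now=None):
    """Check status, header and expiry; return the token and who it represents."""
    if status != 201:
        raise RuntimeError(f"login token request failed: HTTP {status}")
    # HTTP header names are case-insensitive, so normalise before the lookup.
    token = {k.lower(): v for k, v in headers.items()}.get("x-subject-logintoken")
    if not token:
        raise RuntimeError("X-Subject-LoginToken header missing")
    info = json.loads(body_text)["logintoken"]
    expires = datetime.strptime(info["expires_at"], "%Y-%m-%dT%H:%M:%S.%fZ")
    expires = expires.replace(tzinfo=timezone.utc)
    now = now or datetime.now(timezone.utc)
    if expires <= now:
        raise RuntimeError("login token has already expired")
    return {
        "token": token,
        "method": info["method"],
        "session_name": info.get("session_name"),   # present only for agency-based sessions
        "assumed_by": info.get("assumed_by", {}).get("user", {}).get("name"),
        "seconds_left": int((expires - now).total_seconds()),
    }

# Constructed sample response, modelled on Example 2 (all values are placeholders).
SAMPLE_HEADERS = {"x-subject-logintoken": "CONSTRUCTED-LOGIN-TOKEN"}
SAMPLE_BODY = json.dumps({"logintoken": {
    "expires_at": "2020-01-23T03:27:26.728000Z", "method": "federation_proxy",
    "user_name": "IAMDomainA/IAMAgency", "session_name": "SessionUserName",
    "assumed_by": {"user": {"name": "IAMUserB"}}}})
```
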
Status Codes
| Status Code | Description |
|---|---|
| 201 | The request is successful. |
| 400 | Invalid parameters. |
| 401 | Authentication failed. |
| 403 | Access denied. |
| 405 | The method specified in the request is not allowed for the requested resource. |
| 413 | The request entity is too large. |
| 500 | Internal server error. |
| 503 | Service unavailable. |
Error Codes
None