Obtaining a Scoped Token
Function
This API is used to obtain a scoped token through federated identity authentication.
URI
POST /v3/auth/tokens
Request Parameters
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
Content-Type |
No |
String |
Fill application/json;charset=utf8 in this field. |
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
Yes |
Object |
Authentication information. |
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
Yes |
Object |
Authentication parameters. |
|
Yes |
Object |
Application scope of the token. The value can be project or domain. |
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
methods |
Yes |
Array of strings |
Authentication method. The value of this field is token. |
Yes |
Object |
Unscoped token information. |
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
No |
Object |
If this field is set to domain, the token can be used to access resources in all projects under the account of a specified ID or name. |
|
No |
Object |
If this field is set to project, the token can only be used to access resources in the project of a specified ID or name. |
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
id |
No |
String |
Domain ID. Either id or name must be specified. |
name |
No |
String |
Domain name. Either id or name must be specified. |
Response Parameters
Parameter |
Type |
Description |
|---|---|---|
X-Subject-Token |
string |
Signed scoped token. |
Parameter |
Type |
Description |
|---|---|---|
Object |
Details of the scoped token. |
Parameter |
Type |
Description |
|---|---|---|
methods |
Array of strings |
Method for obtaining the token. |
expires_at |
String |
Time when the token will expire. |
Array of objects |
Catalog information. |
|
Object |
Domain information of the IAM user who requests for the token. This parameter is returned only when the scope parameter in the request body has been set to domain. |
|
Object |
Project information of the user. This parameter is returned only when the scope parameter in the request body has been set to project. |
|
Array of objects |
Permissions information of the token. |
|
Object |
Information about the user who requests for the token. |
|
issued_at |
String |
Time when the token was issued. |
Parameter |
Type |
Description |
|---|---|---|
type |
String |
Type of the service to which the API belongs. |
id |
String |
Service ID. |
name |
String |
Service name. |
Array of objects |
Endpoint information. |
Parameter |
Type |
Description |
|---|---|---|
url |
String |
Endpoint URL. |
region |
String |
Region to which the endpoint belongs. |
region_id |
String |
Region ID. |
interface |
String |
Visibility of the API. public indicates that the API is available for public access. |
id |
String |
Endpoint ID. |
Parameter |
Type |
Description |
|---|---|---|
name |
String |
Project name. |
id |
String |
Project ID. |
Object |
Domain information of the project. |
Parameter |
Type |
Description |
|---|---|---|
name |
String |
Domain name. |
id |
String |
Domain ID. |
Parameter |
Type |
Description |
|---|---|---|
name |
String |
Permission name. |
id |
String |
Permission ID. The default value is 0, which does not correspond to any permission. |
Parameter |
Type |
Description |
|---|---|---|
Object |
Information about the domain used to create the user. |
|
Object |
Federated identity authentication information. |
|
id |
String |
User ID. |
name |
String |
Username. |
password_expires_at |
String |
UTC time when the password will expire. If this parameter is empty, it indicates that the password has unlimited validity. |
Parameter |
Type |
Description |
|---|---|---|
Array of objects |
User group information. |
|
Object |
Identity provider information. |
|
Object |
Protocol information. |
Parameter |
Type |
Description |
|---|---|---|
id |
String |
User group ID. |
name |
String |
User group name. |
Example Request
POST https://sample.domain.com/v3/auth/tokens
{
"auth": {
"identity": {
"methods": [
"token"
],
"token": {
"id": "MIIatAYJKoZIhvcNAQcCoIIapTCCGqECAQExDTALB..."
}
},
"scope": {
"domain": {
"id": "063bb260a480cecc0f36c0086bb6c..."
}
}
}
}
Example Response
Status code: 201
The scoped token is obtained successfully.
Parameters in the response header X-Subject-Token:MIIatAYJKoZIhvcNAQcCoIIapTCCGqECAQExDTALB...
Parameters in the response body
{
"token": {
"expires_at": "2020-02-13T14:21:34.042000Z",
"methods": [
"token"
],
"catalog": [
{
"endpoints": [
{
"id": "d2983f677ce14f1e81cbb6a9345a1...",
"interface": "public",
"region": "*",
"region_id": "*",
"url": "https://sample.domain.com/v3"
}
],
"id": "fd631b3426cb40f0919091d5861d8...",
"name": "keystone",
"type": "identity"
}
],
"domain": {
"id": "06aa2260a480cecc0f36c0086bb6cfe0",
"name": "IAMDomain"
},
"roles": [
{
"id": "0",
"name": "te_admin"
},
{
"id": "0",
"name": "secu_admin"
}
],
"issued_at": "2020-02-12T14:21:34.042000Z",
"user": {
"OS-FEDERATION": {
"groups": [
{
"id": "06aa2260bb00cecc3f3ac0084a74038f",
"name": "admin"
}
],
"identity_provider": {
"id": "ACME"
},
"protocol": {
"id": "saml"
}
},
"domain": {
"id": "06aa2260a480cecc0f36c0086bb6cfe0",
"name": "IAMDomain"
},
"id": "LdQTDSC7zmJVIic3yaCbLBXDxPAdDxLg",
"name": "FederationUser",
"password_expires_at": ""
}
}
}
Status Codes
Status Code |
Description |
|---|---|
201 |
The scoped token is obtained successfully. |
400 |
The server failed to process the request. |
401 |
Authentication failed. |
403 |
Access denied. |
404 |
The requested resource cannot be found. |
500 |
Internal server error. |
503 |
Service unavailable. |
Error Codes
None
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
