POST /auth/token/authenticate
Use this endpoint to exchange a token for a map representing an RBAC subject and associated token data. Authentication isn't required.
Request format
When Forming RBAC API requests to this endpoint, the content type is
application/json. The body must be a JSON object using
these keys:
token: An authentication tokenupdate_last_activity?: A Boolean indicating whether you want a successful request to update the token'slast_activetimestamp.
For example:
curl -X POST "https://$(puppet config print server):4433/rbac-api/v2/auth/token/authenticate" \
-H "X-Authentication:$(puppet-access show)" \
-H "Content-type: application/json" \
-d '{
"token": "<TOKEN>",
"update_last_activity?": false
}'
Response format
A successful request returns a 200 OK response and JSON object representing the RBAC subject and associated token data, such as:
{
"description":null,
"creation":"YYYY-MM-DDT22:24:30Z",
"email":"franz@kafka.com",
"is_revoked":false,
"last_active":"YYYY-MM-DDT22:24:31Z",
"last_login":"YYYY-MM-DDT22:24:31.340Z",
"expiration":"YYYY-MM-DDT22:29:30Z",
"is_remote":false,
"client":null,
"login":"franz@kafka.com",
"is_superuser":false,
"label":null,
"id":"c84bae61-f668-4a18-9a4a-5e33a97b716c",
"role_ids":[1, 2, 3],
"user_id":"c84bae61-f668-4a18-9a4a-5e33a97b716c",
"timeout":null,
"display_name":"Franz Kafka",
"is_group":false
}
For information about keys describing the user, refer to Users endpoints keys. For information about keys describing the token, refer to Tokens endpoints keys.
Error responses
Invalid requests return these errors:
- 400 invalid-token: The provided token was either tampered with or could not be parsed.
- 403 token-revoked: The provided token has been revoked.
- 403 token-expired: The token has expired and is no longer valid.
- 403 token-timed-out: The token has timed out due to inactivity.
For other errors, refer to RBAC service errors .
