[Openstack] Keystone Validate Token

Bryan Taylor btaylor at rackspace.com
Tue Dec 13 23:10:37 UTC 2011

The keystone management API has a validate token method that looks like:
GET /tokens/{tokenId}?belongsTo=tenantId

See <http://docs.openstack.org/incubation/identity-dev-guide/content/Validate_Token-d1e1914.html>

Why is the validate token method in the keystone admin API and not the service API? 

If the requestor has a token, they can act as the user, creating and deleting servers, files, etc..., but we've decided to lock down the resource that says when their token expires, their username, and what roles and tenants they have. Why?

More information about the Openstack mailing list