Token Service Review


Reviews a token to validate it and look up the associated user and groups. This API is configured as a webhook on the apiserver and expects the request and response in the format specified at https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication

Request
URI
POST
https://{api_host}/https://your_org.tmc.cloud.vmware.com/v1alpha1/clusters/{clusterUid}/auth/token
Path Parameters
clusterUid (string, Required)

ClusterUID is the UID for the cluster.

Query Parameters
userIdAsGroup (boolean, Optional)

The UserIDAsGroup flag determines whether the user ID is returned as part of the groups in the response. This is needed because Pinniped doesn't support UID as part of UserInfo; adding the user ID to the groups allows it to still be tracked.


Request Body

Body is the body of the webhook request.

{
    "apiVersion": "string",
    "kind": "string",
    "spec": {
        "token": "string",
        "audiences": [
            "string"
        ]
    }
}
Responses
200

A successful response.

{
    "apiVersion": "string",
    "kind": "string",
    "status": {
        "authenticated": false,
        "error": "string",
        "audiences": [
            "string"
        ],
        "user": {
            "username": "string",
            "uid": "string",
            "groups": [
                "string"
            ]
        }
    }
}

default

An unexpected error response.

Returns grpc.gateway.runtime.Error of type(s) */*
{
    "error": "string",
    "code": 0,
    "message": "string",
    "details": [
        {
            "typeUrl": "string",
            "value": "string"
        }
    ]
}
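
The request and 200 response bodies above can be handled as follows. This is an added example, not code from the service or its documentation: it builds the request body and accepts a response only when it is an unambiguous success. The `apiVersion`/`kind` values follow the Kubernetes TokenReview format linked at the top; the function names, the sample responses, and the choice to reject a success that also carries an `error` string are assumptions made here.

```python
import json

API_VERSION = "authentication.k8s.io/v1"  # Kubernetes TokenReview group/version
KIND = "TokenReview"

def build_token_review(token, audiences=()):
    """Request body in the shape shown under Request Body."""
    spec = {"token": token}
    if audiences:
        spec["audiences"] = list(audiences)
    return {"apiVersion": API_VERSION, "kind": KIND, "spec": spec}

def evaluate_token_review(response_text, requested_audiences=()):
    """Return (username, uid, groups) for an unambiguous success, else raise."""
    try:
        body = json.loads(response_text)
    except ValueError as exc:
        raise PermissionError("unparseable response") from exc
    status = body.get("status") if isinstance(body, dict) else None
    if not isinstance(status, dict) or body.get("kind") != KIND:
        raise PermissionError("not a TokenReview response")
    # Only the JSON boolean true counts; "true", 1 or a missing field do not.
    if status.get("authenticated") is not True:
        raise PermissionError(status.get("error") or "not authenticated")
    if status.get("error"):  # assumption: success plus error text is rejected
        raise PermissionError("authenticated with error: " + str(status["error"]))
    user = status.get("user")
    if not isinstance(user, dict) or not isinstance(user.get("username"), str) \
            or not user["username"]:
        raise PermissionError("authenticated without a username")
    # A caller that sent spec.audiences needs one of them echoed back.
    raw_aud = status.get("audiences")
    echoed = {a for a in raw_aud if isinstance(a, str)} if isinstance(raw_aud, list) else set()
    if requested_audiences and not set(requested_audiences) & echoed:
        raise PermissionError("token not valid for a requested audience")
    raw_groups = user.get("groups")
    groups = [g for g in raw_groups if isinstance(g, str)] if isinstance(raw_groups, list) else []
    return user["username"], user.get("uid") or "", groups

# Constructed sample responses (not captured from a real service).
GOOD = json.dumps({"apiVersion": API_VERSION, "kind": KIND, "status": {
    "authenticated": True, "audiences": ["aud-a"],
    "user": {"username": "jane@example.com", "uid": "u-123", "groups": ["dev"]}}})
DENIED = json.dumps({"apiVersion": API_VERSION, "kind": KIND, "status": {
    "authenticated": False, "error": "token expired"}})

if __name__ == "__main__":
    print(build_token_review("<token>", ["aud-a"]))
    print(evaluate_token_review(GOOD, ["aud-a"]))
```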