checkToken #
Checks the validity of an authentication token.
Query Syntax #
HTTP #
URL: http://kuzzle:7512/_checkToken
Method: POST
Body:
{
"token": "<authentication token to check>"
}
Other protocols #
{
"controller": "auth",
"action": "checkToken",
"body": {
"token": "<authentication token to check>"
}
}
Available since 2.16.8
When no token is provided the method returns information about the anonymous token (kuid
is -1
), instead of throwing an error.
Body properties #
token
: the authentication token to be tested
Optional: #
cookieAuth
: Enable the validation of the token in an HTTP Cookie- This only works in a Browser and only if Kuzzle CORS is properly configured. see Authentication Token in the Browser
Response #
The returned result contains the following properties:
expiresAt
: token expiration timestamp. Present only ifvalid
is truestate
: the reason why a token is invalid. Present only ifvalid
is falsekuid
: identifier of the user linked to this tokenAvailable since 2.8.0valid
: a boolean telling whether the provided token is valid or not
Example:
{
"status": 200,
"error": null,
"controller": "auth",
"action": "checkToken",
"requestId": "<unique request identifier>",
"result": {
"valid": true,
"expiresAt": 1538557452248,
"kuid": "5c6a775f-495c-472e-b29b-f6a4fa9f6a3e"
}
}
Edit this page on Github (opens new window)