0

I have username and password. I would like to authentication the token. First, I sent a request to password authentication api of keystone and I got an audit_id. Then, I send a request to token authentication api. but the response is like below.

"error":{"code":404,"message":"Could not recognize Fernet token","title":"Not Found"}

The input:

{
    "auth": {
        "identity": {
            "methods": [
                "token"
            ],
            "password": {
                "user": {
                    "domain": {
                        "id": "default"
                    },
                    "name": "my_username",
                    "password": "my_password"
                }
            },
            "token": {
                "id": "my_audit_id"
            }
        }
    }
}
berndbausch
  • 1,033
  • 8
  • 12
Bani
  • 19
  • 6

1 Answers1

0

You are trying to obtain a token with another token. To do this, you need to submit the token you received earlier, not an audit_id (see documentation). The error message means that the audit_id that you submitted is not a valid Fernet token.

The purpose of an audit_id is not to authenticate or to validate a token, but to track how a request is processed; you will find it in Keystone's log messages.

There is a special API for validating tokens.

berndbausch
  • 1,033
  • 8
  • 12
  • Many thanks for your kind help. How can I get X-Auth-Token via api? – Bani Feb 02 '21 at 06:47
  • The same way you get any token. – berndbausch Feb 02 '21 at 07:21
  • I called this api: https://docs.openstack.org/api-ref/identity/v3/index.html?expanded=password-authentication-with-unscoped-authorization-detail,validate-and-show-information-for-token-detail,password-authentication-with-scoped-authorization-detail#password-authentication-with-scoped-authorization but it does not give me X-Auth-Token or X-Subject-Token. It just sent audit_id to me. The link you mentioned is for validating a token but I have not a token, I have just an audit_id. – Bani Feb 02 '21 at 07:28
  • The API doc says "An authentication response returns the token ID in this header rather than in the response body." – berndbausch Feb 02 '21 at 07:30