Description

TokenReview attempts to authenticate a token to a known user. Note: TokenReview requests may be cached by the webhook token authenticator plugin in the kube-apiserver.

Type

object

Required
  • spec

Specification

Property Type Description

.apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources

.kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds

.metadata

ObjectMeta meta/v1

.spec

object

TokenReviewSpec is a description of the token authentication request.

.status

object

TokenReviewStatus is the result of the token authentication request.

.spec
Description

TokenReviewSpec is a description of the token authentication request.

Type

object

Property Type Description

token

string

Token is the opaque bearer token.

.status
Description

TokenReviewStatus is the result of the token authentication request.

Type

object

Property Type Description

authenticated

boolean

Authenticated indicates that the token was associated with a known user.

error

string

Error indicates that the token couldn’t be checked

user

object

UserInfo holds the information about the user needed to implement the user.Info interface.

.status.user
Description

UserInfo holds the information about the user needed to implement the user.Info interface.

Type

object

Property Type Description

extra

object

Any additional information provided by the authenticator.

extra{}

array (string)

groups

array (string)

The names of groups this user is a part of.

uid

string

A unique value that identifies this user across time. If this user is deleted and another user by the same name is added, they will have different UIDs.

username

string

The name that uniquely identifies this user among all active users.

.status.user.extra
Description

Any additional information provided by the authenticator.

Type

object

API endpoints

The following API endpoints are available:

  • /apis/authentication.k8s.io/v1/tokenreviews

    • POST: create a TokenReview

/apis/authentication.k8s.io/v1/tokenreviews

Table 1. Global guery parameters
Parameter Type Description

pretty

string

If 'true', then the output is pretty printed.

HTTP method

POST

Description

create a TokenReview

Table 2. Body parameters
Parameter Type Description

body

TokenReview authentication.k8s.io/v1

Table 3. HTTP responses
HTTP code Reponse body

200 - OK

TokenReview authentication.k8s.io/v1

201 - Created

TokenReview authentication.k8s.io/v1

202 - Accepted

TokenReview authentication.k8s.io/v1

401 - Unauthorized

Empty