A controller resource to operate on OAuth requests. This endpoint performs OAuth signature validation to allow external services to authenticate users via OAuth signed requests.
Valid Tokens are those obtained from the OAuth token resource.
If the OAuth signature provided is valid, a few extra fields are returned:
POST
/api/v2/requests/validate
¶Validates an OAuth-signature.
Form Parameters: | |
---|---|
|
|
Status Codes: |
|
This method does not require authentication, and returns whether the given OAuth signature is valid for the given http_url
and http_method
.
If the authorization
field is not present, the OAuth signature is expected to be present in http_url as part of the query string.
Request:
POST /api/v2/requests/validate HTTP/1.1
Host: login.ubuntu.com
Accept: application/json
Content-Type: application/json
{
"http_url": "http://example.com",
"http_method": "GET",
"authorization": "OAuth realm='Some client', oauth_version='1.0', oauth_signature='OitsO7PakZXODFSQsjoMQNOrkP4%3D', oauth_token='xgrsJDHzSQqFWhElJgpTvOZOCkQsLxMYVEtPZhRVteMTUHWyry', oauth_nonce='39751507', oauth_timestamp='1360097166', oauth_signature_method='HMAC-SHA1', oauth_consumer_key='64we8bn'"
}
Response:
If signature is valid:
HTTP/1.1 200 OK
Content-Type: application/json
{
"is_valid": true,
"identifier": "64we8bn",
"account_verified": true
}
If signature is not valid:
HTTP/1.1 200 OK
Content-Type: application/json
{
"is_valid": false
}