From Ravi Nori <rnori@redhat.com>:

Ravi Nori has submitted this change and it was merged. Change subject: aaa: Token validation does not need client and secret ...................................................................... aaa: Token validation does not need client and secret Token validation should not check for client id and client secret. Token validation can be performed by sending request to sso/oauth/token-info endpoint by sending the token and the scope ovirt-ext=token-info:validate with proper accept header of application/json. An empty json response indicates the session is alive and a json response with error_code of invalid_grant indicates that the session has expired. Change-Id: If8f64e2e182ac9baf66cdb8d70946719d71f4da9 Bug-Url: https://bugzilla.redhat.com/1416491 Signed-off-by: Ravi Nori <rnori@redhat.com> --- M backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/OAuthTokenInfoServlet.java 1 file changed, 24 insertions(+), 19 deletions(-) Approvals: Martin Peřina: Looks good to me, approved Ravi Nori: Verified Jenkins CI: Passed CI tests -- To view, visit https://gerrit.ovirt.org/74532 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: If8f64e2e182ac9baf66cdb8d70946719d71f4da9 Gerrit-PatchSet: 3 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Ravi Nori <rnori@redhat.com> Gerrit-Reviewer: Jenkins CI Gerrit-Reviewer: Martin Peřina <mperina@redhat.com> Gerrit-Reviewer: Ravi Nori <rnori@redhat.com> Gerrit-Reviewer: gerrit-hooks <automation@ovirt.org>