统一身份认证服务 IAM-获取联邦用户的临时访问密钥和securitytoken:请求示例

时间:2024-11-06 21:56:30

请求示例

  • 填写"token"参数。包含tokenId(即token)和临时访问密钥和securitytoken的有效期。
    POST https://iam.myhuaweicloud.com/v3.0/OS-CREDENTIAL/securitytokens
    {
        "auth": {
            "identity": {
                "methods": [
                    "token"
                ],
                "token": {
                    "id": "MIIEIgYJKoZIhvc...",
                    "duration_seconds": "900"
                }
            }
        }
    }
  • 不填写“token”参数(请求头中需要X-Auth-Token)。
    POST https://iam.myhuaweicloud.com/v3.0/OS-CREDENTIAL/securitytokens
    {
        "auth": {
            "identity": {
                "methods": [
                    "token"
                ]
            }
        }
    }
  • 填写“policy”参数。即用户自定义策略的信息,用于限制获取到的临时访问密钥和securitytoken的权限(当前仅适用限制OBS服务的权限)。如果填写此参数,则临时访问密钥和securitytoken的权限为:原Token具有的权限和policy参数限制的权限交集。
    POST https://iam.myhuaweicloud.com/v3.0/OS-CREDENTIAL/securitytokens
    {
      "auth": {
        "identity": {
          "methods": [
            "token"
          ],
          "policy": {
            "Version": "1.1",
            "Statement": [
              {
                "Effect": "Allow",
                "Action": [
                  "obs:object:GetObject"
                ],
                "Resource": [
                  "OBS:*:*:object:*"
                ],
                "Condition": {
                  "StringEquals": {
                    "g:DomainName": [
                      "DomainNameExample"                    //示例,表示限制条件值,根据实际情况填写
                    ]
                  }
                }
              }
            ]
          },
          "token": {
            "duration_seconds": 900
          }
        }
      }
    }
support.huaweicloud.com/api-iam/iam_04_0003.html