Validate a token against the API

Verifies that a token belongs to a valid user by calling the realm's /api/me endpoint. Optionally checks that the user belongs to a specific project. This is for Plumber APIs and other server-side code that needs to validate incoming tokens.

You probably don't need this for interactive use. The package validates tokens automatically during auth_login().

Usage

auth_validate(token, project_id = NULL, realm = "counts")

Arguments

token

The user's token (with or without "Bearer " prefix).

project_id

Optional project ID to check membership. If NULL, only checks authentication status.

realm

Character. The realm to validate against (default "counts").

Value

TRUE (with a "user_data" attribute) on success, FALSE on failure.

Details

On success, the returned TRUE value carries a "user_data" attribute containing the parsed /api/me response (user ID, email, project_id, etc.). This allows callers like auth_use_token() to populate auth state without a redundant API call.

See also

auth_use_token() to use a validated token for API calls, auth_login() for interactive authentication

Examples

if (FALSE) { # \dontrun{
# Validate a token
auth_validate("SOMERANDOMTOKEN")

# Validate and check project membership
auth_validate("SOMERANDOMTOKEN", project_id = 2)

# Access user data from successful validation
result <- auth_validate("SOMERANDOMTOKEN")
if (isTRUE(result)) {
  user_data <- attr(result, "user_data")
}
} # }