Rest API /api/authentication/validate has unexpected results

Said API /api/authentication/validate when called with Sonar Cloud to validate the token -

• With no Authorization header - returning { "valid": true } -
• With Authorization header with correct bearer token - returning { "valid": true } -
• With Authorization header with incorrect bearer token - returning { "valid": false } -

When called with Sonarqube Enterprise Edition Version 10.2.1 where SAML is enabled -

• With any Authorization header - returning { "valid": false } -

Is there any limitation/issues/additional steps for expected results? Didn’t find anything specific in documentation.

Hey there.

Since SonarCloud allows some level of public access (to view public projects), I think this is expected.

I can reproduce this on 10.3, and that’s definitely weird. I’ll flag this for attention.

Hello @kunal-mazumdar,

There is indeed an issue with this endpoint, the token validation is not done properly.
A ticket was created to follow the issue: SONAR-21116

Thank you for the report!