Validate a cross-org superadmin API token (lh_sa_...). Returns a SuperadminAPITokenUser principal on success, None otherwise. The principal's `id` is the token id (not a user id) — code that needs the acting user must use `created_by_user_id`.
(
token: str,
db_session: AsyncSession,
)
| 540 | |
| 541 | |
| 542 | async def validate_superadmin_api_token( |
| 543 | token: str, |
| 544 | db_session: AsyncSession, |
| 545 | ) -> Optional[SuperadminAPITokenUser]: |
| 546 | """Validate a cross-org superadmin API token (lh_sa_...). |
| 547 | |
| 548 | Returns a SuperadminAPITokenUser principal on success, None otherwise. |
| 549 | The principal's `id` is the token id (not a user id) — code that needs |
| 550 | the acting user must use `created_by_user_id`. |
| 551 | """ |
| 552 | from src.services.api_tokens.superadmin_api_tokens import ( |
| 553 | validate_superadmin_token_for_auth, |
| 554 | ) |
| 555 | |
| 556 | api_token = await validate_superadmin_token_for_auth(token, db_session) |
| 557 | if not api_token: |
| 558 | return None |
| 559 | |
| 560 | return SuperadminAPITokenUser( |
| 561 | id=api_token.id, |
| 562 | user_uuid=api_token.token_uuid, |
| 563 | username=f"superadmin_api_token_{api_token.name}", |
| 564 | token_name=api_token.name, |
| 565 | created_by_user_id=api_token.created_by_user_id, |
| 566 | ) |