salt-api token expire

[SolarisYan]

Hi there, i use salt-api, first i get a token,and request with the the token.
but if i used the expired token, the request don't have any result, can i set some message to tip the token
have expired?

curl -sSk http://xxx:8000
-H 'Accept: application/x-yaml'
-H 'X-Auth-Token: 1500f41dafb0d1b6e538e1d98324240a0a7beb1e7b35afa6bc60e357913d288a69fdce329e35c26dad38642f1bc8a3f20e36bf8388b6b3101164b59c7f8b583b'
-d client='local'
-d tgt='minion03'
-d fun='test.ping'

i'm sure the token had expired,when i request with it,the request return nothing.

Salt Version:
Salt: 2016.3.1

Dependency Versions:
cffi: Not Installed
cherrypy: 3.2.2
dateutil: Not Installed
gitdb: Not Installed
gitpython: Not Installed
ioflo: Not Installed
Jinja2: 2.7.2
libgit2: Not Installed
libnacl: Not Installed
M2Crypto: Not Installed
Mako: Not Installed
msgpack-pure: Not Installed
msgpack-python: 0.4.7
mysql-python: Not Installed
pycparser: Not Installed
pycrypto: 2.6.1
pygit2: Not Installed
Python: 2.7.5 (default, Nov 20 2015, 02:00:19)
python-gnupg: Not Installed
PyYAML: 3.11
PyZMQ: 14.7.0
RAET: Not Installed
smmap: Not Installed
timelib: Not Installed
Tornado: 4.2.1
ZMQ: 4.0.5

System Versions:
dist: centos 7.2.1511 Core
machine: x86_64
release: 3.10.0-327.22.2.el7.x86_64
system: Linux
version: CentOS Linux 7.2.1511 Core

[Ch3LL]

@SolarisYan i think this is a great idea. just to make sure its plausible:

ping @whiteinge do you think this is plausible with salt-api? I'm not certain of its limits or if it is able to parse errors efficiently.

[whiteinge]

Salt performs both the authentication and authorization and salt-api only performs a couple light sanity checks. We certainly could add a check to salt-api for this. I think the ideal fix is #6420 but that's a trickier change to make.

[Ch3LL]

Thanks for the input i'll go and approve as a feature request thanks.

[rickh563]

ZD-1488