I think this is currently not implemented.
This should go here:
request.all_data["user"] = CurrentUser.login
request.all_data["resolver"] = CurrentUser.resolver
request.all_data["realm"] = CurrentUser.realm
# An administrator is calling this API
# TODO: Check is there are realm specific admin policies, so that the
# admin is only allowed to act on certain realms
# If now realm is specified, we need to add "filterrealms".
# If the admin tries to view realms, he is not allowed to, we need to
# raise an exception.
To preset the tokenrealm for the endpoint
GET /token/ accordingly:
Display the list of tokens. Using different parameters you can choose,
which tokens you want to get and also in which format you want to get the
:query serial: Display the token data of this single token. You can do a
not strict matching by specifying a serial like "*OATH*".
:query type: Display only token of type. You ca do a non strict matching by
specifying a tokentype like "*otp*", to file hotp and totp tokens.
:query user: display tokens of this user
:query tokenrealm: takes a realm, only the tokens in this realm will be
:query basestring description: Display token with this kind of description
:query sortby: sort the output by column
:query sortdir: asc/desc
:query page: request a certain page
:query assigned: Only return assigned (True) or not assigned (False) tokens
:query pagesize: limit the number of returned tokens
:query user_fields: additional user fields from the userid resolver of
the owner (user)
:query outform: if set to "csv", than the token list will be given in CSV
Would you mind open an issue at gihub?