Comment 7 for bug 1872735

kay (kay-diam) wrote : Re: EC2 and/or credential endpoints are not protected from a scoped context

> OAUTH1 tokens already always contain all of the roles the authorizing user has on the requested project, ignoring the authorized roles that are stored with the access token during the authorization request.

Hi Colleen, thanks for the fix. I read https://docs.openstack.org/api-ref/identity/v3-ext/?expanded=authorize-request-token-detail#authorize-request-token and I'm confused: why does the request contain a roles list?

https://github.com/openstack/keystone/blob/7bb6314e40d6947294260324e84a58de191f8609/keystone/api/os_oauth1.py#L287

Am I missing something?