oauth request token can be created with a project that doesn't exist
Bug #1420120 reported by
Steve Martinelli
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Identity (keystone) | Fix Released | Low | Steve Martinelli |
Bug Description
An OAuth request token can be created with a project that doesn't exist. There is no security risk here, since when the request token is exchanged for an access token, the controller checks if the user has roles on that project.
This causes confusion for the delegator/
Changed in keystone:
assignee: nobody → Steve Martinelli (stevemar)
status: New → In Progress
Changed in keystone:
status: Fix Committed → Fix Released
Changed in keystone:
milestone: kilo-3 → 2015.1.0
patch is here: https://review.openstack.org/#/c/145701/