A user of the API cannot retrieve a list of their own tokens

Bug #867483 reported by Stuart Langridge on 2011-10-04
This bug affects 4 people
Affects: Canonical SSO provider
Importance: Medium
Assigned to: Unassigned

Bug Description

A plain user of the SSO API cannot retrieve their own list of tokens. It requires a privileged "API user". This is quite frustrating, because if I want to build an app where the user signs in with username and password, I *must* create a new token every time. If I could get the list of user tokens, I could see if I've already created a token for my app and just use it again. What this leads to is SSO holding a zillion tokens for a user, because I have to create a new one every go.

http://bazaar.launchpad.net/~canonical-isd-hackers/canonical-identity-provider/trunk/view/head:/identityprovider/api10/handlers.py#L332 shows that the list_tokens operation is restricted to API users; perhaps it would be OK for a user to list existing tokens (since I have their username and password anyway, so I can create a new token if I want).
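An added sketch, not part of the original report and not the identity provider's code, of the behaviour the report asks for: a token listing that a plain user may call for their own account only, and a client that reuses an existing token instead of creating one per sign-in. `TokenStore`, `token_for_app`, the `caller_is_api_user` flag and the record shape are all hypothetical names chosen for this illustration.

```python
# Added illustration: an in-memory model, not the SSO provider's handlers.py.
import secrets
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Caller may not read the requested user's tokens."""


@dataclass
class TokenStore:
    # username -> list of {"name": ..., "token": ...} records (hypothetical shape)
    tokens: dict = field(default_factory=dict)

    def create_token(self, username, token_name):
        record = {"name": token_name, "token": secrets.token_urlsafe(16)}
        self.tokens.setdefault(username, []).append(record)
        return record

    def list_tokens(self, caller, target, caller_is_api_user=False):
        # Owner-scoped check: a privileged API user may list any account,
        # a plain user may list only their own tokens.
        if not caller_is_api_user and caller != target:
            raise Forbidden(f"{caller} may not list tokens of {target}")
        return list(self.tokens.get(target, []))


def token_for_app(store, username, app_name):
    """Reuse the app's existing token if the user already has one."""
    for record in store.list_tokens(caller=username, target=username):
        if record["name"] == app_name:
            return record
    return store.create_token(username, app_name)


def sign_in_repeatedly(store, username, app_name, times, reuse):
    """Return how many tokens the user holds after `times` sign-ins."""
    for _ in range(times):
        if reuse:
            token_for_app(store, username, app_name)
        else:
            # Behaviour the report describes: a new token on every sign-in.
            store.create_token(username, app_name)
    return len(store.tokens[username])
```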

Changed in canonical-identity-provider:
status: New → Confirmed
importance: Undecided → Medium
tags: added: escalated
description: updated
David Owen (dsowen) on 2012-04-10
tags: added: kb-feature sp-1
David Owen (dsowen) on 2012-04-12
Changed in canonical-identity-provider:
status: Confirmed → Triaged

De-escalating per prioritisation discussions with U1

tags: removed: escalated
description: updated
This report contains Public information