Unify delegate token identification
Bug #1211965 reported by
Adam Young
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Invalid
|
Wishlist
|
Unassigned |
Bug Description
Trusts and OAuth both create delegated tokens that should not be allowed to create additional tokens. But they are marked in separate ways. We should unify the trusts and oauth tokens to both be labeled the same way, and have unified token processing that prevents them from being allowed to create new tokens.
To post a comment you must log in.
This isn't really a bug, we do handle these in a fairly consistent way, we set 'is_delegated' in the authorization module. This could be further improved on down the line.