oauth1 - consumer specifies roles instead of delegator

Bug #1216408 reported by Dolph Mathews on 2013-08-24
Affects: OpenStack Identity (keystone)
Importance: Medium
Assigned to: Steve Martinelli

Bug Description

From the mailing list [1]:

> How does the delegate know which role to request? This is unintuitive. A delegator (rather than delegate) knows the role he wants to delegate. One would normally expect the delegator to request Keystone to delegate this role to the named delegate, rather than the delegate asking for a role to be delegated to it, since it requires an out-of-band communication between the delegator and delegate to take place before the delegation, in which the delegator tells the delegate its un/pw and the role it should ask for. This seems to be a rather contrived exchange of messages.

This design fault is present in both the spec and the current implementation.

[1]: http://lists.openstack.org/pipermail/openstack-dev/2013-June/010402.html

Steve Martinelli (stevemar) wrote :

But we keep the consumer requesting the project id?

Fix proposed to branch: master
Review: https://review.openstack.org/43610

Changed in keystone:
status: Confirmed → In Progress
Dolph Mathews (dolph) wrote :

@Steve: yes

Fix proposed to branch: master
Review: https://review.openstack.org/44504

Reviewed: https://review.openstack.org/43610
Committed: http://github.com/openstack/keystone/commit/3b43bca897e507f3db34c14047d48182761a4014
Submitter: Jenkins
Branch: master

commit 3b43bca897e507f3db34c14047d48182761a4014
Author: Steve Martinelli <email address hidden>
Date: Sat Aug 24 23:49:16 2013 -0500

    OAuth authorizing user should propose roles to delegate

    Currently in the oauth1 extension the consumer specifies roles
    instead of delegator. This is a design fault that should be fixed
    by having the authorizing user provide a set of roles (ids)
    during the authorize request token phase.

    fixes bug: #1216408

    Change-Id: I13e155cf04dd478d575c8d66216d0fde08875ba2
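
The corrected flow described in this report, as an added in-memory sketch (not Keystone code and not part of the original thread): the consumer still names the project when it creates the request token, and the authorizing user proposes the role ids when authorizing it. All class and function names and the sample data are hypothetical; the rules that only roles the user holds on the project may be delegated, and that a token is authorized once, are assumptions of this example.

```python
# Added illustration only: a toy model of the request-token lifecycle.
import secrets
from dataclasses import dataclass, field
from typing import Optional


class DelegationError(Exception):
    """Raised when an authorize request must be refused."""


@dataclass
class RequestToken:
    consumer_id: str
    project_id: str                       # still requested by the consumer
    id: str = field(default_factory=lambda: secrets.token_hex(8))
    authorizing_user_id: Optional[str] = None
    role_ids: frozenset = frozenset()     # empty until the delegator authorizes


# Constructed sample data: user -> project -> role ids held on that project.
ASSIGNMENTS = {"alice": {"proj-1": {"member", "admin"}}}


def create_request_token(consumer_id, project_id):
    # Consumer step: there is deliberately no roles parameter here.
    return RequestToken(consumer_id, project_id)


def authorize_request_token(token, user_id, role_ids):
    # Delegator step: the authorizing user proposes the role ids.
    # Assumption of this example: a request token is authorized only once.
    if token.authorizing_user_id is not None:
        raise DelegationError("request token already authorized")
    requested = frozenset(role_ids)
    held = ASSIGNMENTS.get(user_id, {}).get(token.project_id, set())
    # Assumption of this example: only roles the user holds on the
    # requested project may be delegated, so delegation cannot escalate.
    not_held = requested - held
    if not_held:
        raise DelegationError(f"user lacks roles: {sorted(not_held)}")
    token.authorizing_user_id = user_id
    token.role_ids = requested
    return token
```

Because the roles are fixed at authorization time by the user who holds them, the delegator no longer has to tell the consumer out of band which role to ask for.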

Changed in keystone:
status: In Progress → Fix Committed
Thierry Carrez (ttx) on 2013-09-05
Changed in keystone:
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2013-10-17
Changed in keystone:
milestone: havana-3 → 2013.2