OpenStack Identity (keystone)

Consider not using oauthlib rather than oauth2

Bug #1224638 reported by Chuck Short
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Opinion
Wishlist
Unassigned

Bug Description

Hi

Recently oauth2 was added as a dependency in the following commit:

https://github.com/openstack/keystone/commit/bcaa3072f37d3af3f9d526f18f311411ceeae160

However it seems there are some issues with the usage of oauth2:

- It is more than 2 years old
- There are security concerns with the usage of oauth2, these were brought up in:

https://bugs.launchpad.net/ubuntu/+source/python-oauth2/+bug/1213934

More details can be found at:

http://www.openwall.com/lists/oss-security/2013/09/12/5

Please consider using oauthlib instead of oauth2. If you have any questions please let me know.

Regards
chuck

Dolph Mathews (dolph)
Changed in keystone:
status: New → Opinion
importance: Undecided → Wishlist
Chuck Short (zulcss)
summary: - Consider not using oauth2
+ Consider not using oauthlib rather than oauth2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.