Rescope in V3 for invalid/expired token should return unauthorized (returns 404 currently)
Bug #1243336 reported by
Arun Kant
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Opinion
|
Wishlist
|
Unassigned | ||
python-keystoneclient |
Opinion
|
Wishlist
|
Unassigned |
Bug Description
Token rescope operation in V3 API is currently returning "Not Found" (404) error for invalid or expired token input. Like other plugins, it should be considered as re-verification of authentication data and should return "Unauthorized" (401) error for this case. This can be considered similar to providing incorrect username or password in password method credentials data.
Related code is in : https:/
To post a comment you must log in.
In v2 rescope, invalid and expired token case returns Unauthorized (401) error which is correct. So above issue needs to be addressed in V3 only.
Related code: https:/ /github. com/openstack/ keystone/ blob/master/ keystone/ token/controlle rs.py#L151