Fernet token response has wrong methods
Bug #1430062 reported by
Haneef Ali
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Medium
|
Morgan Fainberg |
Bug Description
If you validate fernet token, the token response has 2 methods. Since the token is obtained using the "password" method, the response should only have "password" method
ex - token response
"expires_at": "2015-03-
"extras": {},
"methods": [
"token"
],
tags: | added: fernet |
Changed in keystone: | |
importance: | Undecided → Medium |
milestone: | none → kilo-3 |
status: | New → Triaged |
Changed in keystone: | |
assignee: | nobody → Satyanarayana Patibandla (satya-patibandla) |
Changed in keystone: | |
assignee: | Satyanarayana Patibandla (satya-patibandla) → Lance Bragstad (lbragstad) |
status: | Triaged → In Progress |
Changed in keystone: | |
assignee: | Lance Bragstad (lbragstad) → Dolph Mathews (dolph) |
Changed in keystone: | |
assignee: | Dolph Mathews (dolph) → Lance Bragstad (lbragstad) |
Changed in keystone: | |
assignee: | Lance Bragstad (lbragstad) → Morgan Fainberg (mdrnstm) |
Changed in keystone: | |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | kilo-3 → 2015.1.0 |
To post a comment you must log in.
I'm guessing we're going to have to encode a tuple of auth methods into each Fernet token payload. Assuming our auth method names we need to handle are well known values, it would be a waste to store the entire method names as strings, so I'd suggest trying mapping byte values to the method names in an enumeration.
A fix for this should also be based on (at least) https:/ /review. openstack. org/#/c/ 160993/