Fernet tokens do not maintain expires time across rescope (V2 tokens)
Bug #1469563 reported by
Morgan Fainberg
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
High
|
Lance Bragstad | ||
Kilo |
Fix Released
|
High
|
Dolph Mathews |
Bug Description
Fernet tokens do not maintain the expiration time when rescoping tokens.
Changed in keystone: | |
status: | New → Triaged |
importance: | Undecided → High |
tags: | added: fernet |
summary: |
- Fernet tokens do not maintain expires time across rescope + Fernet tokens do not maintain expires time across rescope (V2 tokens) |
Changed in keystone: | |
assignee: | nobody → Morgan Fainberg (mdrnstm) |
status: | Triaged → In Progress |
Changed in keystone: | |
assignee: | Morgan Fainberg (mdrnstm) → Lance Bragstad (lbragstad) |
Changed in keystone: | |
milestone: | liberty-2 → liberty-3 |
Changed in keystone: | |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | liberty-3 → 8.0.0 |
no longer affects: | keystone/liberty |
To post a comment you must log in.
I can reproduce this.
Here is an authentication response using passwordCredentials and the uuid provider: http:// cdn.pasteraw. com/ve3ghqtx670 q92a7tkz45lq4vz jrx7
Here is the response authenticating with the token above (rescoping): http:// cdn.pasteraw. com/891ceexx0j1 k5nom2muemdawdt 4o6l2
The original token and the rescoped tokens both expire at 2015-06- 29T15:59: 21Z
The following is an authentication response using the fernet provider: http:// cdn.pasteraw. com/8wtpp3b98ci 647dgr5zg0j2py3 36tkb
The fernet token should expire at 2015-06- 29T15:55: 34.952246Z. The response from rescoping the fernet token bumps the expiration to 2015-06- 29T15:56: 09.663074Z : http:// cdn.pasteraw. com/nud9m8000yy usa6ntqy2234ko8 cnbwf