Jeremy - Once the change is applied to keystone then the revocation list will include the audit IDs. The audit IDs are already in the token table so that will be available. As such, the fix will work for old tokens.
Comments on the proposed OSSN
1) change "token formats" to "token providers"
2) In the sample config, since keystone has support for using entrypoints for the provider, the examples should also have:
#provider = pki
#provider = pkiz
This was introduced in liberty so earlier releases need to use keystone.token.providers.uuid.Provider whereas liberty and later should use uuid or fernet
Jeremy - Once the change is applied to keystone then the revocation list will include the audit IDs. The audit IDs are already in the token table so that will be available. As such, the fix will work for old tokens.
Comments on the proposed OSSN
1) change "token formats" to "token providers"
2) In the sample config, since keystone has support for using entrypoints for the provider, the examples should also have:
#provider = pki
#provider = pkiz
This was introduced in liberty so earlier releases need to use keystone. token.providers .uuid.Provider whereas liberty and later should use uuid or fernet