Based upon research and discussions in IRC, turns out we do not store the application_credential_id in the token payload. This means that if the token is not pre-populated in the cache, the test will fail.
This also means that if the token cache expires, subsequent uses of the token with the application cred will also fail / have inconsistent or inappropriate behavior.
Based upon research and discussions in IRC, turns out we do not store the application_ credential_ id in the token payload. This means that if the token is not pre-populated in the cache, the test will fail.
This also means that if the token cache expires, subsequent uses of the token with the application cred will also fail / have inconsistent or inappropriate behavior.
This requires a fix to add a formatter that includes application_ credentials (likely more than one). The issue is identified by looking at https:/ /github. com/openstack/ keystone/ blob/c80df22669 ae457f8a64ddef7 d31f685f9ad1e01 /keystone/ token/token_ formatters. py and seeing that application credential is not stored anywhere but the auth methods are properly populated.