I was able to verify this locally. The only difference I noticed was in the second to last step, where you're able to get what appears to be a scoped token using a certificate. When I do this, I always get back an unscoped token regardless of the headers I pass in [0] (e.g., x-project-id or x-project-name + x-project-domain-id). This could be a separate issue though and something I was talking to gyee about today in IRC [1].
Otherwise - when I try and validate the unscoped token from the last step, I do see the 500.
I was able to verify this locally. The only difference I noticed was in the second to last step, where you're able to get what appears to be a scoped token using a certificate. When I do this, I always get back an unscoped token regardless of the headers I pass in [0] (e.g., x-project-id or x-project-name + x-project- domain- id). This could be a separate issue though and something I was talking to gyee about today in IRC [1].
Otherwise - when I try and validate the unscoped token from the last step, I do see the 500.
[0] https:/ /pasted. tech/pastes/ c79647db136625e a6a2ad38c767162 e7fcd2d831. raw eavesdrop. openstack. org/irclogs/ %23openstack- keystone/ %23openstack- keystone. 2019-01- 23.log. html#t2019- 01-23T21: 32:29
[1] http://