> OAUTH1 tokens already always contain all of the roles the authorizing user has on the requested project, ignoring the authorized roles that are stored with the access token during the authorization request.
Hi Colleen, thanks for a fix. I read the "https://docs.openstack.org/api-ref/identity/v3-ext/?expanded=authorize-request-token-detail#authorize-request-token" and I'm confused, why does the request contain roles list?
https://github.com/openstack/keystone/blob/7bb6314e40d6947294260324e84a58de191f8609/keystone/api/os_oauth1.py#L287
Do I miss something?
> OAUTH1 tokens already always contain all of the roles the authorizing user has on the requested project, ignoring the authorized roles that are stored with the access token during the authorization request.
Hi Colleen, thanks for a fix. I read the "https:/ /docs.openstack .org/api- ref/identity/ v3-ext/ ?expanded= authorize- request- token-detail# authorize- request- token" and I'm confused, why does the request contain roles list?
https:/ /github. com/openstack/ keystone/ blob/7bb6314e40 d6947294260324e 84a58de191f8609 /keystone/ api/os_ oauth1. py#L287
Do I miss something?