> so when an access token was created, it would contain every role assignment the creator had for the project. This results in an OAuth1 access token having more role assignments than the creator intended
Technically it's not the OAuth1 access token that contains too many roles but the keystone token. I'm attaching a new version of the patch which updates the release notes to clarify that point.
> so when an access token was created, it would contain every role assignment the creator had for the project. This results in an OAuth1 access token having more role assignments than the creator intended
Technically it's not the OAuth1 access token that contains too many roles but the keystone token. I'm attaching a new version of the patch which updates the release notes to clarify that point.