"allow expired" feature is broken against json web token
Bug #1886017 reported by Xiaojun Lin
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Identity (keystone) | Fix Released | Medium | Vishakha Agarwal |
Bug Description
When using the json web token, the allow expired feature is broken.
Steps to reproduce:
1. Create TOKEN1 with a long expiration period.
2. Create TOKEN2 with a short expiration period.
3. After TOKEN2 is expired, call GET /v3/auth/
Keystone is supposed to return the token data of TOKEN2 but an error of TokenNotFound is returned.
This has been tested against a fernet token and it worked as expected.
Here is the cause I found: jwt.decode() raises an ExpiredSignatur
Changed in keystone:
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Vishakha Agarwal (vishakha.agarwal)
tags: added: jwt
I managed to reproduce it successfully with jws tokens http://paste.openstack.org/show/795504/.
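The behaviour the report expects, as an added example that is not keystone's code and not part of the original report: the signature is always verified, and expiry is a separate policy step that an allow-expired request can skip. The standard-library HS256 signing stands in for the `jwt.decode()` call named in the report; `KEY`, `issue`, `validate`, the helper names and the local `TokenNotFound` class are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret


class TokenNotFound(Exception):
    """Local stand-in for the error named in the report."""


def b64(data: bytes) -> bytes:
    return base64.urlsafe_b64encode(data).rstrip(b"=")


def unb64(data: bytes) -> bytes:
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))


def issue(sub: str, exp: int) -> str:
    """Build a compact HS256 JWS (constructed sample token)."""
    header = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64(json.dumps({"sub": sub, "exp": exp}).encode())
    sig = b64(hmac.new(KEY, header + b"." + body, hashlib.sha256).digest())
    return b".".join((header, body, sig)).decode()


def validate(token: str, allow_expired: bool = False, now=None) -> dict:
    """Verify the signature first, then apply expiry as a separate step."""
    try:
        header, body, sig = token.encode().split(b".")
        expected = hmac.new(KEY, header + b"." + body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, unb64(sig)):
            raise ValueError("bad signature")
        if json.loads(unb64(header)).get("alg") != "HS256":
            raise ValueError("unexpected alg")
        claims = json.loads(unb64(body))
    except ValueError as exc:  # malformed, tampered, or wrong algorithm
        raise TokenNotFound("invalid token") from exc
    now = int(time.time()) if now is None else now
    # Expiry is enforced unless the caller explicitly asked for expired tokens.
    if claims["exp"] <= now and not allow_expired:
        raise TokenNotFound("token expired")
    return claims
```

Skipping the expiry check never skips signature verification here, so a tampered expired token is still rejected when `allow_expired=True`.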