"allow expired" feature is broken against json web token
Bug #1886017 reported by
Xiaojun Lin
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
Fix Released
|
Medium
|
Vishakha Agarwal | ||
Bug Description
When using the json web token, the allow expired feature is broken.
Steps to reproduce:
1. create TOKEN1 with long expiration period.
2. create TOKEN2 with short expiration period
3. after TOKEN2 is expired, call GET /v3/auth/
Keystone is supposed to return the token data of TOKEN2 but an error of TokenNotFound is returned.
This has been tested against ferent token and it worked as expected.
Here is the cause I found: jwt.decode() raises an ExpiredSignatur
| Changed in keystone: | |
| status: | New → Confirmed |
| importance: | Undecided → Medium |
| assignee: | nobody → Vishakha Agarwal (vishakha.agarwal) |
Revision history for this message
| Vishakha Agarwal (vishakha.agarwal) wrote | #1 |
| tags: | added: jwt |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to keystone (master) | #2 |
| Changed in keystone: | |
| status: | Confirmed → In Progress |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to keystone (master) | #3 |
| Changed in keystone: | |
| status: | In Progress → Fix Released |
To post a comment you must log in.
I managed to reproduce it successfully with jws tokens http://