OpenStack Identity (keystone)

Bug #1909119
Comment #0

Comment 0 for bug 1909119

Revision history for this message

Seyed Milad Hashemi (seyedmiladhashemi) wrote on 2020-12-23:

I have scenario that first I authenticate user with username and password with explicit unscoped and receive a token.
By using the token I request user projects list and getting projects id, then at last using one of project id and unscoped token I want to get project scoped token.

This scenario happens with three api call:
1
url: {{KEYSTONE_BASE_URL}}/v3/auth/tokens
request:
{ "auth": {
    "identity": {
      "methods": ["password"],
      "password": {
        "user": {
          "name": "tester",
          "domain": { "id": "default" },
          "password": "testing"
        }
      }
    },
    "scope": "unscoped"
  }
}

response:
header:
X-Subject-Token : token_id

2
url: {{KEYSTONE_BASE_URL}}/v3/auth/projects

request:
header:
X-Auth-Token: token_id

response:
{
    "links": {
        "self": "http://key:5000/v3/auth/projects",
        "previous": null,
        "next": null
    },
    "projects": [
        {
            "is_domain": false,
            "description": "",
            "links": {
                "self": "http://key:5000/v3/projects/5e9609787c4640118e8e007a25b30e4c"
            },
            "tags": [],
            "enabled": true,
            "id": "5e9609787c4640118e8e007a25b30e4c",
            "parent_id": "default",
            "domain_id": "default",
            "name": "test"
        },
        {
            "is_domain": false,
            "description": "",
            "links": {
                "self": "http://key:5000/v3/projects/fb7822bd49614bd8bbaf133576e3e324"
            },
            "tags": [],
            "enabled": true,
            "id": "fb7822bd49614bd8bbaf133576e3e324",
            "parent_id": "default",
            "domain_id": "default",
            "name": "test2"
        }
    ]
}

3
url: {{KEYSTONE_BASE_URL}}/v3/auth/tokens

request:
body:
{
    "auth": {
        "identity": {
            "methods": [
                "token"
            ],
            "token": {
                "id": "'token_id"
            }
        },
        "scope": {
            "project": {
                "name": "test",
                "domain": {"id":"default"}
            }
        }
    }
}

response:
body:
{
    "error": {
        "message": "The request you have made requires authentication.",
        "code": 401,
        "title": "Unauthorized"
    }
}

response:
header:
X-Subject-Token : token_id

2
url: {{KEYSTONE_BASE_URL}}/v3/auth/projects

request:
header:
X-Auth-Token: token_id

3
url: {{KEYSTONE_BASE_URL}}/v3/auth/tokens

response:
body:
{
    "error": {
        "message": "The request you have made requires authentication.",
        "code": 401,
        "title": "Unauthorized"
    }
}