Comment 5 for bug 998185
Revision history for this message
| Dolph Mathews (dolph) wrote Re: Once a token is created/distributed its expiry date can be circumvented | #5 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
@heckj: The goal of chaining was to support re-scoping to a different tenant without passing full credentials each time. In the original use case: 1) pass in password credentials with no tenant, 2) receive an unscoped token, 3) call GET /tenants, and 4) re-auth with my token and tenant selection. This use case / pattern came from the OpenStack community as I recall, not rax.
I also believe keystone legacy followed the second pattern: re-authenticating with an existing token carried over the original expiry time.