OpenID connect support should include authenticating using directly an access token

Bug #1583780 reported by Alvaro Lopez on 2016-05-19
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Alvaro Lopez

Bug Description

If a user or service already has got an OpenID Connect access token it should be possible to authenticate against Keystone using it (i.e. exchange it to obtain an unscoped Keystone token).

Changed in keystoneauth:
assignee: nobody → Alvaro Lopez (aloga)
status: New → In Progress
assignee: Alvaro Lopez (aloga) → Steve Martinelli (stevemar)
Changed in keystoneauth:
importance: Undecided → Medium
assignee: Steve Martinelli (stevemar) → Alvaro Lopez (aloga)

Submitter: Jenkins
Branch: master

commit 553a523830a31b1fb2c81ddfdc926c5c9170bad8
Author: Alvaro Lopez Garcia <email address hidden>
Date: Thu May 19 17:48:41 2016 +0200

    oidc: add OidcAccessToken class to authenticate reusing an access token

    Some services or users may have obtained an access token, so it would be
    possible to authenticate using this token directly (for example a
    service where the user has already logged in). This new class makes
    possible to use an access token to authenticate directly with Keystone,
    exchanging it for a Keystone token.

    Closes-bug: 1583780
    Change-Id: I5a31270194a3d1aa48de709dba49afde460731e2

Changed in keystoneauth:
status: In Progress → Fix Released

This issue was fixed in the openstack/keystoneauth 2.8.0 release.

Alvaro Lopez (aloga) on 2016-07-07
tags: added: oidc
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers