OpenID connect support should include authenticating using directly an access token
Bug #1583780 reported by
Alvaro Lopez
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
keystoneauth |
Fix Released
|
Medium
|
Alvaro Lopez |
Bug Description
If a user or service already has got an OpenID Connect access token it should be possible to authenticate against Keystone using it (i.e. exchange it to obtain an unscoped Keystone token).
Changed in keystoneauth: | |
assignee: | nobody → Alvaro Lopez (aloga) |
status: | New → In Progress |
assignee: | Alvaro Lopez (aloga) → Steve Martinelli (stevemar) |
Changed in keystoneauth: | |
importance: | Undecided → Medium |
assignee: | Steve Martinelli (stevemar) → Alvaro Lopez (aloga) |
tags: | added: oidc |
To post a comment you must log in.
Reviewed: https:/ /review. openstack. org/318750 /git.openstack. org/cgit/ openstack/ keystoneauth/ commit/ ?id=553a523830a 31b1fb2c81ddfdc 926c5c9170bad8
Committed: https:/
Submitter: Jenkins
Branch: master
commit 553a523830a31b1 fb2c81ddfdc926c 5c9170bad8
Author: Alvaro Lopez Garcia <email address hidden>
Date: Thu May 19 17:48:41 2016 +0200
oidc: add OidcAccessToken class to authenticate reusing an access token
Some services or users may have obtained an access token, so it would be
possible to authenticate using this token directly (for example a
service where the user has already logged in). This new class makes
possible to use an access token to authenticate directly with Keystone,
exchanging it for a Keystone token.
Closes-bug: 1583780 aa48de709dba49a fde460731e2
Change-Id: I5a31270194a3d1