Comment 3 for bug 1298075

A 401 error indicates that the client didn't send an auth header, so I don't think that's an appropriate return code. See http://tools.ietf.org/html/rfc2616#section-10.4.2 . A 500 error seems appropriate here. The server encountered an unexpected error and wasn't able to complete the request.

Note that a user's token wind up becoming invalid for any number of reasons, not just because it expires. For example, if the administrator disables the user. So token expiration is only one way that this could happen.

From what I know of trust tokens, I think that getting a trust token from the user's token or using a nova service token would be the right way for nova to communicate with neutron.