Comment 8 for bug 1348820
Revision history for this message
| Brant Knudson (blk-u) wrote Re: Token issued_at time changes on /v3/auth/token GET requests | #8 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
@Tristan - I believe the issue here is that if you're attempting to validate a v2 token (that you got with a POST /v2.0/tokens) using the v3 API (using HEAD or HEAD /v3/auth/tokens) and Keystone is configured to use revocation events, the token will never be reported as expired.
So you've got your system configured to use revocation events and UUID tokens. You've disabled token caching in the auth_token middleware. Somebody gets a V2 token and uses it with Nova, etc. The auth_token middleware is validating the token and it always comes back as valid, never expired, even after the token expiration time.
This would only impact Icehouse since that's where revocation events were added.