Comment 27 for bug 1175367

Adam Young (ayoung) wrote : Re: Memcache encryption middleware improperly implemented

I don't think the 'ignore-expires' parameter makes sense: if the value in the caches is expired, either from a memcache or a reading of the timestamp on the underlying token, it should be considered invalid. Passing a parameter to somehow modify this seems wrong: we can and should be draconian on this. Why was this added?

Note that there is a more serious CVE with a fix already, and I think this one conflicts with that fix. Please rebase this on top of the change for https://bugs.launchpad.net/python-keystoneclient/+bug/1179615 keeping the message signatures in the patch for putting into the cache with the expiration time exposed.

Minor nit: line 192 breaks the pattern of the comment block when splitting over multiple lines, looks like a stray return snuck in.