Unless I'm mistaken, the keystoneclient auth_token middleware seems to be neglecting to check the expiry of signed tokens.
Instead, it only checks if the proposed token has been explicitly revoked:
https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/middleware/auth_token.py#L1047
Surely the expiration timestamp needs to be checked also and the token rejected if expired.
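
The check the report asks for, as an added example: this is not keystoneclient code and not part of the original report. It shows the checks that would run after a signed token's signature has verified, rejecting on revocation and on expiry, and failing closed when the expiry is absent or unparseable. All function names are hypothetical; the v2 (`access.token.expires`) and v3 (`token.expires_at`) body layouts, the revocation list as a plain set of token ids, and the sample bodies are assumptions constructed for illustration.

```python
import datetime as dt

class InvalidToken(Exception):
    """A correctly signed token that must still be rejected."""

def _parse_expiry(value):
    # ISO 8601 UTC timestamps, with or without fractional seconds.
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S.%fZ"):
        try:
            return dt.datetime.strptime(value, fmt).replace(tzinfo=dt.timezone.utc)
        except (TypeError, ValueError):
            continue
    raise InvalidToken("malformed expiry")

def token_expiry(body):
    # Assumed layouts: v2 nests the token under "access", v3 under "token".
    try:
        if "access" in body:
            raw = body["access"]["token"]["expires"]
        else:
            raw = body["token"]["expires_at"]
    except (KeyError, TypeError):
        raise InvalidToken("no expiry field in token body")
    return _parse_expiry(raw)

def validate_signed_token(body, token_id, revoked_ids, now=None):
    """Run after signature verification; returns the expiry or raises."""
    now = now or dt.datetime.now(dt.timezone.utc)
    if token_id in revoked_ids:
        raise InvalidToken("token revoked")
    expires = token_expiry(body)
    if expires <= now:  # a signature stays valid forever; the token does not
        raise InvalidToken("token expired")
    return expires

def rejection_reason(body, token_id, revoked_ids, now=None):
    """Convenience wrapper: None if accepted, else the reason string."""
    try:
        validate_signed_token(body, token_id, revoked_ids, now)
    except InvalidToken as exc:
        return str(exc)
    return None

# Constructed sample token bodies (not real tokens).
SAMPLE_V2_EXPIRED = {"access": {"token": {"id": "tok-a", "expires": "2013-05-01T00:00:00Z"}}}
SAMPLE_V3_VALID = {"token": {"expires_at": "2014-01-01T12:00:00.000000Z"}}
```
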