auth_url and token authentication is broken
Bug #1257541 reported by
Jamie Lennox
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python-keystoneclient |
Fix Released
|
Wishlist
|
Jamie Lennox |
Bug Description
The v2 and v3 clients both have support in authenticate() to handle the concept of using an auth_url and token. This is important as the way to rescope a token or to get a trust token should be to create a new client using the old token and the refinements (new roles, trust_ids etc) that you want to use.
Somewhere along the way it was assumed that the only reason that token would be provided to the client was that this was the token you always wanted to use when issuing connections. So if auth_token_
Changed in python-keystoneclient: | |
assignee: | nobody → Jamie Lennox (jamielennox) |
status: | New → In Progress |
Changed in python-keystoneclient: | |
importance: | Undecided → Wishlist |
milestone: | none → 0.4.2 |
Changed in python-keystoneclient: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Reviewed: https:/ /review. openstack. org/57803 /git.openstack. org/cgit/ openstack/ python- keystoneclient/ commit/ ?id=35aed518a9a 8c0049512910219 ca6fea4f35f2b8
Committed: https:/
Submitter: Jenkins
Branch: master
commit 35aed518a9a8c00 49512910219ca6f ea4f35f2b8
Author: Jamie Lennox <email address hidden>
Date: Fri Nov 22 11:14:49 2013 +1000
Correctly handle auth_url/token authentication
Previously the client assumed that if a user passed a token then this
token should be used for everything. This assumption is correct for the
endpoint/token case but not in the auth_url/token case where you will
want to fetch a new token. This is needed in the case where you want to
use an existing token to fetch a token that is re-scoped or activate a
trust.
There are still problems such as if you use auth_url/token
authentication then when the token expires it will try to refresh it,
but authenticating with a token will not extend the token expiry.
Closes-Bug: #1257541 a44071dcea5361b fb42f6b72a3
Change-Id: I1c35600ca5437d