Part of the this protocol involves using an 'unscoped' token to retrieve a list of tenants for that user (not a global tenant list, which would be a security hole).
Using this, a user can (for example) log into horizon with a username and password (vs. specifying a long key). novaclient also implements this protocol.
Correct me if I'm wrong, but my understanding is that the user must already have a token before using the glance client. This is what we do in devstack:
Hey Jay,
If the user does not already have a token, she can retrieve it via the auth protocol:
https:/ /lists. launchpad. net/openstack/ msg04211. html
Part of the this protocol involves using an 'unscoped' token to retrieve a list of tenants for that user (not a global tenant list, which would be a security hole).
Using this, a user can (for example) log into horizon with a username and password (vs. specifying a long key). novaclient also implements this protocol.
Correct me if I'm wrong, but my understanding is that the user must already have a token before using the glance client. This is what we do in devstack:
glance add -A $SERVICE_TOKEN ...