Comment 6 for bug 1541656

Bogdan (bogdan-vatkov) wrote :

Hi Morgan,

I do have the project scoping in my token {"token": {"methods": ["oauth1"], "roles": [{"id": "9fe2ff9ee4384b1894a90878d3e92bab", "name": "_member_"}], "expires_at": "2016-02-19T11:50:48.085682Z", "project": {"domain": {"id": "default", "name": "Default"}, "id": "f38f21172dcf4dc59660490da8b091f1", "name": .....

And now I tried the CLI without the --os-project-name but it gives me the very same error (Forbidden) and it is caused by the very same lines of code:

        # Do not allow tokens used for delegation to
        # create another token, or perform any changes of
        # state in Keystone. To do so is to invite elevation of
        # privilege attacks

        if token_ref.oauth_scoped or token_ref.trust_scoped:
            raise exception.Forbidden()

What else could be the reason for this behavior?

Thanks in advance!

Best regards,
Bogdan
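
An added example, not part of the original comment and not Keystone's own code: a small model of the guard quoted above, run over constructed token bodies, showing that the outcome depends on the delegation marker and not on project scoping. The `OS-OAUTH1` and `OS-TRUST:trust` keys, the `oauth1` method heuristic, and the local `Forbidden` class are assumptions made for this sketch.

```python
import json

# Assumption: Keystone v3 token bodies carry these keys when the token was
# obtained through delegation (OAuth1 access token or trust).
DELEGATION_KEYS = {"OS-OAUTH1": "oauth", "OS-TRUST:trust": "trust"}


class Forbidden(Exception):
    """Stand-in for keystone's exception.Forbidden (hypothetical local class)."""


def delegation_markers(token_body):
    """Return the sorted delegation kinds found in a v3 token body."""
    token = token_body.get("token", {})
    kinds = {kind for key, kind in DELEGATION_KEYS.items() if key in token}
    # Heuristic (assumption): a token whose auth method is oauth1 is delegated
    # even if the OS-OAUTH1 section was cut off in a pasted excerpt.
    if "oauth1" in token.get("methods", []):
        kinds.add("oauth")
    return sorted(kinds)


def may_request_new_token(token_body):
    """Model of the quoted guard: delegated tokens cannot mint another token."""
    kinds = delegation_markers(token_body)
    if kinds:
        raise Forbidden("delegated token (%s) used to authenticate" % ", ".join(kinds))
    return True


def triage(raw_json):
    """Summarise what decides the outcome for one token body."""
    body = json.loads(raw_json)
    try:
        allowed = may_request_new_token(body)
    except Forbidden:
        allowed = False
    return {"project_scoped": "project" in body.get("token", {}),
            "delegation": delegation_markers(body), "allowed": allowed}


# Constructed sample token bodies (placeholder ids, not taken from the bug report).
OAUTH_SCOPED = '{"token": {"methods": ["oauth1"], "project": {"id": "PROJECT_ID"}, "OS-OAUTH1": {"access_token_id": "ACCESS_ID"}}}'
TRUST_SCOPED = '{"token": {"methods": ["password"], "project": {"id": "PROJECT_ID"}, "OS-TRUST:trust": {"id": "TRUST_ID"}}}'
PASSWORD_SCOPED = '{"token": {"methods": ["password"], "project": {"id": "PROJECT_ID"}}}'

if __name__ == "__main__":
    for raw in (OAUTH_SCOPED, TRUST_SCOPED, PASSWORD_SCOPED):
        print(triage(raw))
```

All three sample tokens are project-scoped; only the one without a delegation marker passes the modelled check.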