python-openstackclient

  1. Bug #1582774
  2. Comment #20

Comment 20 for bug 1582774

Revision history for this message
Alvaro Lopez (aloga) wrote : Re: OidcPassword auth plugin should accept scope parameters

Hi Joshua.

I think that there is a bit of mess here :-(

There are two different meanings for "scope" here.

On the one hand we have the Keystone token scope: this particular bug was regarding Keystone scope parameters (that is, project_id, domain_id, tenant_id, etc.).

On the other hand we have the OpenID Connect Scope. OpenID Connect scope should be specified with "os-openid-scope" option in the command line.

Probably, the naming inconsistency that you get comes from the switch from python-keystoneclient (the legacy) to keystoneauth. The previous plugin used "os-scope" whereas the new one uses "os-openid-scope". Moreover, there was a bug (https://bugs.launchpad.net/python-openstackclient/+bug/1594272) that made impossible to specify an scope due to a naming error. Can you confirm that this is your case?