keystoneauth

OpenID Connect scopes not passed properly

Bug #1594272 reported by Alvaro Lopez on 2016-06-20

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	keystoneauth	Fix Released	Medium	Alvaro Lopez

Bug Description

All the OpenID Connect grant type plugins (currently the password and auth code grant types) should accept OpenID scopes, however this option is only defined for the password grant type in the loader. Moreover, the option defined as "openid_scope", but the plugin parameter is called "scope", resulting in the following error:

__init__() got an unexpected keyword argument 'openid_scope'

Tags:

Alvaro Lopez (aloga) on 2016-06-20

summary:	- OpenID Connect scopes not passed properly. + OpenID Connect scopes not passed properly
affects:	python-openstackclient → keystoneauth

OpenStack Infra (hudson-openstack) on 2016-06-20

Changed in keystoneauth:
assignee:	nobody → Alvaro Lopez (aloga)
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-06-23: Fix proposed to keystoneauth (master)

Fix proposed to branch: master
Review: https://review.openstack.org/333261

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-06-27: Fix merged to keystoneauth (master)

Reviewed: https://review.openstack.org/333261
Committed: https://git.openstack.org/cgit/openstack/keystoneauth/commit/?id=bd18bc3d0db0e11164dafe41ffaefea237e8ce76
Submitter: Jenkins
Branch: master

commit bd18bc3d0db0e11164dafe41ffaefea237e8ce76
Author: Alvaro Lopez Garcia <email address hidden>
Date: Thu Jun 23 13:09:58 2016 +0200

oidc: fix OpenID Connect scope option

    There is a missmatch between the option being defined in the
    OpenIDConnectPassword loader and the OidcPassword class. The loader
    defines it as "openid-scope" but the OidcPassword constructor only
    accepts "scope".

Closes-Bug: 1594272
Change-Id: I7dbaaa4eb52c900bcd19da4c274bd35dc8b98c6f

Changed in keystoneauth:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-07-04:

Reviewed: https://review.openstack.org/330463
Committed: https://git.openstack.org/cgit/openstack/keystoneauth/commit/?id=68a7962488831bfb6cc9f72b7515a9d245fb2041
Submitter: Jenkins
Branch: master

commit 68a7962488831bfb6cc9f72b7515a9d245fb2041
Author: Alvaro Lopez Garcia <email address hidden>
Date: Thu Jun 16 11:20:14 2016 +0200

oidc: fix OpenID scope management

    The OpenID scope is something common to all the OpenID grant types,
    therefore we move the OIDC scope parameter 'scope' from the OidcPassword
    class into the base _OidcBase class, moving the option as well into the
    corresponding loader.

    Moreover, OpenID scopes are not handled properly, as the loaders have
    the option defined as "openid-scope" whereas the class constructor
    argument is named "openid".

Lastly, OpenID states that the OpenID scope MUST contain "openid" at
least, so we should include this in our defaults argument.

    Closes-Bug: #1594272
    Closes-Bug: #1597334
    Change-Id: I9a242ae93a61737d032c19830c5d89ef6237f875

Steve Martinelli (stevemar) on 2016-07-04

Changed in keystoneauth:
importance:	Undecided → Medium

Revision history for this message

Doug Hellmann (doug-hellmann) wrote on 2016-07-05: Fix included in openstack/keystoneauth 2.9.0

This issue was fixed in the openstack/keystoneauth 2.9.0 release.

Alvaro Lopez (aloga) on 2016-07-07

tags:

added: oidc

Revision history for this message

Davanum Srinivas (DIMS) (dims-v) wrote on 2016-07-28: Fix included in openstack/keystoneauth 2.10.0

This issue was fixed in the openstack/keystoneauth 2.10.0 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.