openstack team mailing list archive
Message #13614
Allow keystone users to know their rights
Hi!
Currently, a user can obtain information about his rights (roles, tenants,
endpoints) only by saving the response to a POST /tokens query. If you are a
non-privileged user, have a token, and haven't saved the mentioned
response, you cannot know your rights - you have to make another POST
/tokens query and retrieve a new token.
However, if you are a keystone admin, you can GET /tokens/{token_id} and
retrieve extended information for the token of any user.
Is it a security measure? Would it be acceptable if an ordinary user were
allowed to get his token data at any moment? There could be a GET
/tokens/{token_id} call that returns data for a valid token_id or signals
that it is invalid.
--
Alessio Ababilov
Software Engineer
Grid Dynamics
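
The access rule asked about in the message above, modelled as an added example that is not part of the original post and is not Keystone code. The token store, the token values, the function names and the choice of status codes (401, 403, 404) are assumptions made for illustration.

```python
import hmac

# Constructed in-memory token store standing in for the identity backend.
NOW = 1_000_000
TOKENS = {
    "tok-admin": {"user": "root", "roles": ["admin"], "tenant": "ops",
                  "expires": NOW + 3600},
    "tok-alice": {"user": "alice", "roles": ["member"], "tenant": "demo",
                  "expires": NOW + 3600},
    "tok-bob": {"user": "bob", "roles": ["member"], "tenant": "demo",
                "expires": NOW + 3600},
    "tok-stale": {"user": "carol", "roles": ["member"], "tenant": "demo",
                  "expires": NOW - 1},
}


def _live(token_id, now):
    """Return the token record if it exists and has not expired, else None."""
    record = TOKENS.get(token_id)
    if record is None or record["expires"] <= now:
        return None
    return record


def get_token(caller_token, token_id, now=NOW):
    """Model of GET /tokens/{token_id}; returns (status, body).

    caller_token is the token the request is authenticated with,
    token_id is the token named in the URL.
    """
    caller = _live(caller_token, now)
    if caller is None:
        return 401, None  # caller's own token is unknown or expired
    if "admin" in caller["roles"]:
        # Existing behaviour described in the post: admins may inspect any token.
        target = _live(token_id, now)
        return (200, target) if target else (404, None)
    # Proposed behaviour: an ordinary user may inspect only the token the
    # request was authenticated with.
    if hmac.compare_digest(caller_token.encode(), token_id.encode()):
        return 200, caller
    # Same answer whether or not token_id exists, so an ordinary user cannot
    # use the call to probe the validity of other users' tokens.
    return 403, None
```

Under this rule a self-lookup returns only data that a fresh POST /tokens would already give the same token holder.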