yahoo-eng-team team mailing list archive
Message #76741
[Bug 1813336] [NEW] Requesting a scoped token when using x509 authentication is redundant
Public bug reported:
In order to get a project-scoped token with an x509 certificate (not
tokenless authentication), I need to specify X-Project-Id in the request
header and I need to specify the project in the scope of the request
body.
If I leave out the header (e.g., X-Project-Id) but keep the scope in the
request body, the request fails with an HTTP 400 validation error [1].
If I leave the request body unscoped and keep the X-Project-Id header in
the request, it is ignored and I get back an unscoped token [2].
It seems redundant to have to specify both to get a scoped token.
[0] https://pasted.tech/pastes/44d9393b0b01f40257fc216fec914ebb9bce07a6.raw
[1] https://pasted.tech/pastes/a41b17ec4c51bb57cb7625847544a75b97282585.raw
[2] https://pasted.tech/pastes/746cd35c00a6fd1c0d12a49ec1a705b4d0464b6a.raw
** Affects: keystone
Importance: Medium
Status: Triaged
** Tags: user-experience x509
** Tags added: x509
** Changed in: keystone
Status: New => Triaged
** Changed in: keystone
Importance: Undecided => Medium
** Tags added: user-experience
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1813336
Title:
Requesting a scoped token when using x509 authentication is redundant
Status in OpenStack Identity (keystone):
Triaged
Bug description:
In order to get a project-scoped token with an x509 certificate (not
tokenless authentication), I need to specify X-Project-Id in the
request header and I need to specify the project in the scope of the
request body.
If I leave out the header (e.g., X-Project-Id) but keep the scope in
the request body, the request fails with an HTTP 400 validation error
[1]. If I leave the request body unscoped and keep the X-Project-Id
header in the request, it is ignored and I get back an unscoped token
[2].
It seems redundant to have to specify both to get a scoped token.
[0] https://pasted.tech/pastes/44d9393b0b01f40257fc216fec914ebb9bce07a6.raw
[1] https://pasted.tech/pastes/a41b17ec4c51bb57cb7625847544a75b97282585.raw
[2] https://pasted.tech/pastes/746cd35c00a6fd1c0d12a49ec1a705b4d0464b6a.raw
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1813336/+subscriptions