← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1854041] [NEW] Keystone should propagate redirect exceptions from auth plugins

 

Public bug reported:

When a developer is implementing an Authentication plugin [1] they can
only return None and setup the relevant information in the auth context
or raise an Unauthorized exception. However, in some cases (like an
OpenID Connect plugin) it is needed to perform a redirect to the
provider to complete the flow. IIRC this was possible in the past
(before moving to Flask) by raising an exception with the proper HTTP
code set, but with the current implementation this is impossible.

[1]: https://docs.openstack.org/keystone/latest/contributor/auth-
plugins.html

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1854041

Title:
  Keystone should propagate redirect exceptions from auth plugins

Status in OpenStack Identity (keystone):
  New

Bug description:
  When a developer is implementing an Authentication plugin [1] they can
  only return None and setup the relevant information in the auth
  context or raise an Unauthorized exception. However, in some cases
  (like an OpenID Connect plugin) it is needed to perform a redirect to
  the provider to complete the flow. IIRC this was possible in the past
  (before moving to Flask) by raising an exception with the proper HTTP
  code set, but with the current implementation this is impossible.

  [1]: https://docs.openstack.org/keystone/latest/contributor/auth-
  plugins.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1854041/+subscriptions


Follow ups