
yahoo-eng-team team mailing list archive

[Bug 1909119] [NEW] Getting error 401 when use get token by token method

 

Public bug reported:

I have a scenario in which I first authenticate a user with a username and password, explicitly requesting an unscoped token, and receive a token.
Using that token, I request the user's project list and get the project IDs. Finally, using one of the project IDs and the unscoped token, I want to get a project-scoped token.

This scenario involves three API calls:
1
url: {{KEYSTONE_BASE_URL}}/v3/auth/tokens
request:
{ "auth": {
    "identity": {
      "methods": ["password"],
      "password": {
        "user": {
          "name": "tester",
          "domain": { "id": "default" },
          "password": "testing"
        }
      }
    },
    "scope": "unscoped"
  }
}

response:
header:
X-Subject-Token : token_id

2
url: {{KEYSTONE_BASE_URL}}/v3/auth/projects

request:
header:
X-Auth-Token: token_id

response:
{
    "links": {
        "self": "http://key:5000/v3/auth/projects",
        "previous": null,
        "next": null
    },
    "projects": [
        {
            "is_domain": false,
            "description": "",
            "links": {
                "self": "http://key:5000/v3/projects/5e9609787c4640118e8e007a25b30e4c"
            },
            "tags": [],
            "enabled": true,
            "id": "5e9609787c4640118e8e007a25b30e4c",
            "parent_id": "default",
            "domain_id": "default",
            "name": "test"
        },
        {
            "is_domain": false,
            "description": "",
            "links": {
                "self": "http://key:5000/v3/projects/fb7822bd49614bd8bbaf133576e3e324"
            },
            "tags": [],
            "enabled": true,
            "id": "fb7822bd49614bd8bbaf133576e3e324",
            "parent_id": "default",
            "domain_id": "default",
            "name": "test2"
        }
    ]
}

3
url: {{KEYSTONE_BASE_URL}}/v3/auth/tokens

request:
body:
{
    "auth": {
        "identity": {
            "methods": [
                "token"
            ],
            "token": {
                "id": "'token_id"
            }
        },
        "scope": {
            "project": {
                "name": "test",
                "domain": {"id":"default"}
            }
        }
    }
}

response:
body:
{
    "error": {
        "message": "The request you have made requires authentication.",
        "code": 401,
        "title": "Unauthorized"
    }
}

** Affects: keystone
     Importance: Undecided
         Status: New

** Description changed:

  I have scenario that first I authenticate user with username and password with explicit unscoped and receive a token.
  By using the token I request user projects list and getting projects id, then at last using one of project id and unscoped token I want to get project scoped token.
  
  This scenario happens with three api call:
  1
  url: {{KEYSTONE_BASE_URL}}/v3/auth/tokens
  request:
+ ```json
  { "auth": {
-     "identity": {
-       "methods": ["password"],
-       "password": {
-         "user": {
-           "name": "tester",
-           "domain": { "id": "default" },
-           "password": "testing"
-         }
-       }
-     },
-     "scope": "unscoped"
-   }
+     "identity": {
+       "methods": ["password"],
+       "password": {
+         "user": {
+           "name": "tester",
+           "domain": { "id": "default" },
+           "password": "testing"
+         }
+       }
+     },
+     "scope": "unscoped"
+   }
  }
- 
+ ```
  response:
  header:
  X-Subject-Token : token_id
  
  2
  url: {{KEYSTONE_BASE_URL}}/v3/auth/projects
  
  request:
  header:
  X-Auth-Token: token_id
  
  response:
  {
-     "links": {
-         "self": "http://key:5000/v3/auth/projects";,
-         "previous": null,
-         "next": null
-     },
-     "projects": [
-         {
-             "is_domain": false,
-             "description": "",
-             "links": {
-                 "self": "http://key:5000/v3/projects/5e9609787c4640118e8e007a25b30e4c";
-             },
-             "tags": [],
-             "enabled": true,
-             "id": "5e9609787c4640118e8e007a25b30e4c",
-             "parent_id": "default",
-             "domain_id": "default",
-             "name": "test"
-         },
-         {
-             "is_domain": false,
-             "description": "",
-             "links": {
-                 "self": "http://key:5000/v3/projects/fb7822bd49614bd8bbaf133576e3e324";
-             },
-             "tags": [],
-             "enabled": true,
-             "id": "fb7822bd49614bd8bbaf133576e3e324",
-             "parent_id": "default",
-             "domain_id": "default",
-             "name": "test2"
-         }
-     ]
+     "links": {
+         "self": "http://key:5000/v3/auth/projects";,
+         "previous": null,
+         "next": null
+     },
+     "projects": [
+         {
+             "is_domain": false,
+             "description": "",
+             "links": {
+                 "self": "http://key:5000/v3/projects/5e9609787c4640118e8e007a25b30e4c";
+             },
+             "tags": [],
+             "enabled": true,
+             "id": "5e9609787c4640118e8e007a25b30e4c",
+             "parent_id": "default",
+             "domain_id": "default",
+             "name": "test"
+         },
+         {
+             "is_domain": false,
+             "description": "",
+             "links": {
+                 "self": "http://key:5000/v3/projects/fb7822bd49614bd8bbaf133576e3e324";
+             },
+             "tags": [],
+             "enabled": true,
+             "id": "fb7822bd49614bd8bbaf133576e3e324",
+             "parent_id": "default",
+             "domain_id": "default",
+             "name": "test2"
+         }
+     ]
  }
  
  3
  url: {{KEYSTONE_BASE_URL}}/v3/auth/tokens
  
  request:
  body:
  {
-     "auth": {
-         "identity": {
-             "methods": [
-                 "token"
-             ],
-             "token": {
-                 "id": "'token_id"
-             }
-         },
-         "scope": {
-             "project": {
-                 "name": "test",
-                 "domain": {"id":"default"}
-             }
-         }
-     }
+     "auth": {
+         "identity": {
+             "methods": [
+                 "token"
+             ],
+             "token": {
+                 "id": "'token_id"
+             }
+         },
+         "scope": {
+             "project": {
+                 "name": "test",
+                 "domain": {"id":"default"}
+             }
+         }
+     }
  }
  
  response:
  body:
  {
-     "error": {
-         "message": "The request you have made requires authentication.",
-         "code": 401,
-         "title": "Unauthorized"
-     }
+     "error": {
+         "message": "The request you have made requires authentication.",
+         "code": 401,
+         "title": "Unauthorized"
+     }
  }

** Description changed:

  I have scenario that first I authenticate user with username and password with explicit unscoped and receive a token.
  By using the token I request user projects list and getting projects id, then at last using one of project id and unscoped token I want to get project scoped token.
  
  This scenario happens with three api call:
  1
  url: {{KEYSTONE_BASE_URL}}/v3/auth/tokens
  request:
- ```json
  { "auth": {
      "identity": {
        "methods": ["password"],
        "password": {
          "user": {
            "name": "tester",
            "domain": { "id": "default" },
            "password": "testing"
          }
        }
      },
      "scope": "unscoped"
    }
  }
- ```
+ 
  response:
  header:
  X-Subject-Token : token_id
  
  2
  url: {{KEYSTONE_BASE_URL}}/v3/auth/projects
  
  request:
  header:
  X-Auth-Token: token_id
  
  response:
  {
      "links": {
          "self": "http://key:5000/v3/auth/projects";,
          "previous": null,
          "next": null
      },
      "projects": [
          {
              "is_domain": false,
              "description": "",
              "links": {
                  "self": "http://key:5000/v3/projects/5e9609787c4640118e8e007a25b30e4c";
              },
              "tags": [],
              "enabled": true,
              "id": "5e9609787c4640118e8e007a25b30e4c",
              "parent_id": "default",
              "domain_id": "default",
              "name": "test"
          },
          {
              "is_domain": false,
              "description": "",
              "links": {
                  "self": "http://key:5000/v3/projects/fb7822bd49614bd8bbaf133576e3e324";
              },
              "tags": [],
              "enabled": true,
              "id": "fb7822bd49614bd8bbaf133576e3e324",
              "parent_id": "default",
              "domain_id": "default",
              "name": "test2"
          }
      ]
  }
  
  3
  url: {{KEYSTONE_BASE_URL}}/v3/auth/tokens
  
  request:
  body:
  {
      "auth": {
          "identity": {
              "methods": [
                  "token"
              ],
              "token": {
                  "id": "'token_id"
              }
          },
          "scope": {
              "project": {
                  "name": "test",
                  "domain": {"id":"default"}
              }
          }
      }
  }
  
  response:
  body:
  {
      "error": {
          "message": "The request you have made requires authentication.",
          "code": 401,
          "title": "Unauthorized"
      }
  }

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1909119

Title:
  Getting error 401 when use get token by token method

Status in OpenStack Identity (keystone):
  New

Bug description:
  I have a scenario in which I first authenticate a user with a username and password, explicitly requesting an unscoped token, and receive a token.
  Using that token, I request the user's project list and get the project IDs. Finally, using one of the project IDs and the unscoped token, I want to get a project-scoped token.

  This scenario involves three API calls:
  1
  url: {{KEYSTONE_BASE_URL}}/v3/auth/tokens
  request:
  { "auth": {
      "identity": {
        "methods": ["password"],
        "password": {
          "user": {
            "name": "tester",
            "domain": { "id": "default" },
            "password": "testing"
          }
        }
      },
      "scope": "unscoped"
    }
  }

  response:
  header:
  X-Subject-Token : token_id

  2
  url: {{KEYSTONE_BASE_URL}}/v3/auth/projects

  request:
  header:
  X-Auth-Token: token_id

  response:
  {
      "links": {
          "self": "http://key:5000/v3/auth/projects",
          "previous": null,
          "next": null
      },
      "projects": [
          {
              "is_domain": false,
              "description": "",
              "links": {
                  "self": "http://key:5000/v3/projects/5e9609787c4640118e8e007a25b30e4c"
              },
              "tags": [],
              "enabled": true,
              "id": "5e9609787c4640118e8e007a25b30e4c",
              "parent_id": "default",
              "domain_id": "default",
              "name": "test"
          },
          {
              "is_domain": false,
              "description": "",
              "links": {
                  "self": "http://key:5000/v3/projects/fb7822bd49614bd8bbaf133576e3e324"
              },
              "tags": [],
              "enabled": true,
              "id": "fb7822bd49614bd8bbaf133576e3e324",
              "parent_id": "default",
              "domain_id": "default",
              "name": "test2"
          }
      ]
  }

  3
  url: {{KEYSTONE_BASE_URL}}/v3/auth/tokens

  request:
  body:
  {
      "auth": {
          "identity": {
              "methods": [
                  "token"
              ],
              "token": {
                  "id": "'token_id"
              }
          },
          "scope": {
              "project": {
                  "name": "test",
                  "domain": {"id":"default"}
              }
          }
      }
  }

  response:
  body:
  {
      "error": {
          "message": "The request you have made requires authentication.",
          "code": 401,
          "title": "Unauthorized"
      }
  }

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1909119/+subscriptions