Ask Your Question

where can i find the generated token from the command "openstack token issue" ?

asked 2019-01-20 13:08:55 -0500

[root@controller ~]# openstack token issue +------------+------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +------------+------------------------------------------------------------------------------------------------------------------------------------+ | expires | 2019-01-20T19:38:29+0000 | | id | gAAAAABcRMAlcTM9eltY3AicW8XLJWNJHnihasmDUxC5SOnRCnznYDxB_awInNdo8i3QuIsD5nXifkl4vaSXqV2RvFPdNLZHxU2TB1VmycpmRK9RDtZj72SNFUN0CIHr_4 | | | PTNUTEziTHXumDkk7lKUwGiILYvHuh_QwA0p6Hg6KQcKtnRhv06WQ | | project_id | 12e0265efbf64f738936bf0727f49027 | | user_id | 2999988b7f094d8087cc728fb44a1e45 | +------------+------------------------------------------------------------------------------------------------------------------------------------+

edit retag flag offensive close merge delete

1 answer

Sort by » oldest newest most voted

answered 2019-01-20 14:02:44 -0500

updated 2019-01-20 18:33:57 -0500

It’s the ID, the string that starts with gAAAAA.

EDIT: By now (Rocky), the only supported token type is Fernet as far as I know. From the Fernet FAQ:

Even though fernet tokens operate very similarly to UUID tokens, they do not require persistence or leverage the configured token persistence driver in any way. The keystone token database no longer suffers bloat as a side effect of authentication. Pruning expired tokens from the token database is no longer required when using fernet tokens.

"They don't require persistence" means that they are stored nowhere. The token itself contains everything required to validate it:

Fernet tokens contain a limited amount of identity and authorization data in a MessagePacked payload

I don't know if there is a tool that allows you to unpack a Fernet token and look inside it, but the cited FAQ document contains pointers to the token structure. Also, one of the Keystone developers has blogged about it.

edit flag offensive delete link more


yes i know that, but i want to know where in the database

Soufiene Slimi gravatar imageSoufiene Slimi ( 2019-01-20 15:11:50 -0500 )edit

Ha! I didn't have the intention to insult your intelligence. But next time, be a bit more explicit, so that people don't think you are an absolute beginner.

Thanks for the question by the way. It prompted me to look back at Keystone documentation. I had forgotten all about tokens.

Bernd Bausch gravatar imageBernd Bausch ( 2019-01-20 18:32:13 -0500 )edit

Thank your for the answer :)

Soufiene Slimi gravatar imageSoufiene Slimi ( 2019-01-21 04:58:33 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2019-01-20 13:08:55 -0500

Seen: 14 times

Last updated: Jan 20