Ask Your Question
2

How to do api token renewal(or expiration extension)

asked 2014-06-06 07:04:47 -0600

akakios gravatar image

updated 2014-06-06 16:37:25 -0600

smaffulli gravatar image

I'm building a custom dashboard(as a replacement to horizon), but I'm having trouble managing token renewal in openstack(Icehouse). My goal is to "extend" a user's session as long as he is doing operations on the dashboard. I had two options:

  1. If the token's expiration is near, generate a token using an existing token and use the new token moving forward -- but the problem with this is that the new token's expiration issued by openstack has the same expiration as the old one.

  2. If the token's expiration is near, revoke the the token, query the user's credentials(i think this was still supported on keystone v2 on havana) through an admin session, and then get a token in behalf of the user and use that moving forward. But i think the ability to get a user's credential's is now not supported.

So, both can't really work -- can anybody point me to the right direction to be able to achieve what I intend to do?

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
0

answered 2014-06-10 21:33:23 -0600

Keystone doesn't have this feature as of now. But there is a proposal to implement this. Most probably it will be available by Juno release

https://review.openstack.org/#/c/9664...

This use case only handlles Horizion. It is better to check if cinder's use case will be addressed by this extesnion. If not this is the time to provide your feedback.

edit flag offensive delete link more
0

answered 2014-06-10 12:02:28 -0600

Duncan Thomas gravatar image

Cinder would like to be able to do this too, for example during long running backups. I shall watch this question with interest - I've not managed to find anything useful on the subject other than a suggestion 'It might be possible to abuse keystone trusts to get the result desired, but that isn't how trusts are meant to be used'.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

[hide preview]

Get to know Ask OpenStack

Resources for moderators

Question Tools

Follow
3 followers

Stats

Asked: 2014-06-06 07:04:47 -0600

Seen: 393 times

Last updated: Jun 10 '14