
identity v3 scope

asked 2014-09-02 07:54:13 -0500

Chris Knight

updated 2014-09-02 09:44:53 -0500

When creating a Token must a scope be supplied if a default project is defined for a given user?

There seems to be some ambiguity about whether not providing a scope will give authorization/scope for the default project defined for a user or not.


1 answer

1

answered 2014-09-02 11:28:21 -0500

V3 supports both project scope and domain scope. If you want domain scope, then you need to specify domain scope in the token request. If you have a default project_id set up and if the default project has a role associated with the user, then no scope implies a project-scoped token scoped to "default_project_id". (Current behavior)

This behavior creates another problem. If the user has default_project_id set up, there is no way for him to get an unscoped token. This will be addressed in the "kilo" release. https://github.com/openstack/keystone...

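The behaviour described in the answer above, as an added example (not from the original post and not Keystone's own code): it builds a v3 password-auth request body with or without `scope`, classifies the response body, and flags a project-scoped token that came back when no scope was requested. The user, project and role values, and the helper names, are constructed for illustration.

```python
# Added example: request/response shapes for Keystone v3 POST /v3/auth/tokens.
# All IDs, names and timestamps below are constructed sample values.

def build_auth_request(name, password, user_domain_id, scope=None):
    """Build the request body; scope=None leaves the "scope" key out entirely."""
    user = {"name": name, "domain": {"id": user_domain_id}, "password": password}
    auth = {"identity": {"methods": ["password"], "password": {"user": user}}}
    if scope is not None:
        auth["scope"] = scope  # e.g. {"project": {"id": ...}} or {"domain": {"id": ...}}
    return {"auth": auth}

def token_scope(response_body):
    """Return (kind, id) for the scope Keystone actually granted."""
    token = response_body["token"]
    for kind in ("project", "domain"):
        if kind in token:
            return kind, token[kind]["id"]
    return "unscoped", None

def implicit_scope(request_body, response_body):
    """Return the project id if scope was omitted but a project-scoped token came back."""
    kind, target = token_scope(response_body)
    if "scope" not in request_body["auth"] and kind == "project":
        return target
    return None

_USER = {"id": "u-1234", "name": "chris", "domain": {"id": "default", "name": "Default"}}
# Constructed response: user has default_project_id = p-5678 and a role on it.
DEFAULT_PROJECT_RESPONSE = {"token": {
    "methods": ["password"], "expires_at": "2014-09-02T17:28:21.000000Z", "user": _USER,
    "project": {"id": "p-5678", "name": "demo", "domain": {"id": "default", "name": "Default"}},
    "roles": [{"id": "r-9abc", "name": "Member"}],
    "catalog": [],
}}
# Constructed response: an unscoped token carries no project, domain, roles or catalog.
UNSCOPED_RESPONSE = {"token": {
    "methods": ["password"], "expires_at": "2014-09-02T17:28:21.000000Z", "user": _USER}}

if __name__ == "__main__":
    req = build_auth_request("chris", "example-password", "default")
    print(token_scope(DEFAULT_PROJECT_RESPONSE), implicit_scope(req, DEFAULT_PROJECT_RESPONSE))
    print(token_scope(UNSCOPED_RESPONSE), implicit_scope(req, UNSCOPED_RESPONSE))
```

A client that expects an unscoped token can call `implicit_scope` on each response and treat a non-`None` result as a sign that it is holding role-bearing credentials for the default project.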

Comments

Thanks for the reply. Do you have an example of a response when the default_project_id is applied?

Chris Knight (2014-09-02 16:29:08 -0500)

Hi, I'm pretty confused by the "scope" in OpenStack. What I wonder is why we have "scope". What is the difference between a domain-scoped token, a project-scoped token and an unscoped token?

darren-wang (2014-10-23 07:14:38 -0500)
