Ask Your Question

identity v3 scope

asked 2014-09-02 07:54:13 -0600

Chris Knight gravatar image

updated 2014-09-02 09:44:53 -0600

When creating a Token must a scope be supplied if a default project is defined for a given user?

There seems to be some ambiguity about whether not providing a scope will give authorization/scope for the default project defined for a user or not.

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2014-09-02 11:28:21 -0600

V3 supports both project scope and domain scope. If you want domain scope, then you need to specifiy domain scope in token request. If you have default project_id setup and if the default project has role assoicated with the user, then no scope impliies project scoped token scoped to "default_project_id". (Current behavior)

This behavior creates another problem. If the user has default_project_id setup, there is no way for him to get unscoped token. This will be addressed in "kilo" release.

edit flag offensive delete link more


Thanks for the reply. Do you have an example of a response when the default_project_id is applied.

Chris Knight gravatar imageChris Knight ( 2014-09-02 16:29:08 -0600 )edit

Hi, I'm pretty confused by the "scope" in OpenStack, what I wonder is why do we have "scope". what is the difference between domain-scoped token, project-scoped token and un-scoped token?

darren-wang gravatar imagedarren-wang ( 2014-10-23 07:14:38 -0600 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2014-09-02 07:54:13 -0600

Seen: 139 times

Last updated: Sep 02 '14