Ask Your Question
0

Keeping track of tokens

asked 2015-04-14 12:21:38 -0500

pentatonic gravatar image

When building a UI or application that potentially performs actions across different projects or even domains, there is a concern about how to keep track of the various tokens that get generated.

For example, a user may initially get an unscoped token, then get 3 different project scoped tokens from that token to perform various project specific operations.

What is a good practice to be able to perform the appropriate house keeping of these tokens? In the situation above, there are 4 tokens. In Horizon for example, which one gets DELETED when doing a sign out? What happens to the others?

In particular if PKI tokens are used, keeping those around may become problematic due to the size, if carried around through cookies.

edit retag flag offensive close merge delete
add a comment

1 answer

Sort by ยป oldest newest most voted
0

answered 2015-04-24 13:55:02 -0500

david-lyle gravatar image

Currently, Horizon only maintains two tokens, an unscoped and the current project scoped token. Although your user may have access to 3 projects, when you select the project scope via the project picker in the header, a scoped token for that project is obtained and the scoped token for the previous project is deleted [1].

When the user logs out the current project scoped token is deleted since that is the only scoped token maintained at that point.

As an additional note, in almost all cases, using a server side session store is recommended. See: https://github.com/openstack/horizon/... for more details.

[1] https://github.com/openstack/django_o...

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2015-04-14 12:21:38 -0500

Seen: 119 times

Last updated: Apr 24 '15

Related questions

WARNING keystone.common.wsgi [-] Authorization failed. [closed]

Horizon Dashboard Admin Authorization after Kolla Deployment

Keeping original scope when requesting a new token from token

Devstack: Invalid credentials after reboot. Keyostone error 404

Horizon Keystone and Swift only ? [closed]

Refresh revoked token in horizon/keystone

Unable to login after SSL configuration

swift [Errno 111] Connection refused [closed]

Request for help with keystone identity service

Keystone process fails with core dump