Ask Your Question
0

Cannot create scoped token from openid unscoped token - authenticate_for_token() got an unexpected keyword argument 'scope'

asked 2016-06-26 01:48:46 -0500

Peter gravatar image

updated 2016-06-27 00:35:04 -0500

Hello

Running mitaka keystone.

I manage to get an openid (google) backed keystone token but I cannot seem to get a scoped token from this.

curl -H "Content-type:application/json" -d '
{
    "auth": {
        "identity": {
            "methods": [
                "token"
            ],
            "token": {
                "id": "gAAAAA...AcZfhUFoBs"
            }
        }
    },
    "scope": {
      "project": {
        "id": "dae57b1f27f7456a995c7ab784f2c060",
        "domain": { "id": "e4de7fbf3e9d4a9d9a5a3a43d6690d58" }
      }
    }
}' http://localhost:5000/v3/auth/tokens

returns

{"error": {"message": "authenticate_for_token() got an unexpected keyword argument 'scope'", "code": 400, "title": "Bad Request"}}

Similar reports indicate a missing domain, but as far as I can see, I did add it.

Tried combinations of id and name for project and domain but always get the same result

I can use the token to list projects and domains using http://localhost:5000/v3/domains and http://localhost:5000/v3/projects

keystone log says

2016-06-26 08:49:42.880 15257 DEBUG keystone.middleware.auth [req-1f6792a4-a920-40af-b8e5-fab418cc33b5 - - - - -] There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. _build_auth_context /usr/lib/python2.7/dist-packages/keystone/middleware/auth.py:71
2016-06-26 08:49:42.881 15257 INFO keystone.common.wsgi [req-1f6792a4-a920-40af-b8e5-fab418cc33b5 - - - - -] POST http://localhost:5000/v3/auth/tokens
2016-06-26 08:49:42.882 15257 ERROR keystone.common.wsgi [req-1f6792a4-a920-40af-b8e5-fab418cc33b5 - - - - -] authenticate_for_token() got an unexpected keyword argument 'scope'
2016-06-26 08:49:42.882 15257 ERROR keystone.common.wsgi Traceback (most recent call last):
2016-06-26 08:49:42.882 15257 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 249, in __call__
2016-06-26 08:49:42.882 15257 ERROR keystone.common.wsgi     result = method(context, **params)
2016-06-26 08:49:42.882 15257 ERROR keystone.common.wsgi TypeError: authenticate_for_token() got an unexpected keyword argument 'scope'
2016-06-26 08:49:42.882 15257 ERROR keystone.common.wsgi

All tips warmly welcomed

Tx!

Peter

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
1

answered 2016-06-27 10:08:57 -0500

This is a known issue with keystoneclient, and looks like it carried over to middleware.

I wrote a simple alternative using the client (Newtown) that shows the general approach to the solution:

http://adam.younglogic.com/2016/06/sa...

For now, you can use the Federated approach to get an unscoped token, then use a token auth plugin manually (this is a really bad solution I know)

edit flag offensive delete link more

Comments

Thanks for your answer! Do you happen to have a reference to the bug? I would like to follow up on it. Wrt your alternative, not sure how that would work with e.g. google authentication. Could you provide a list of steps or a high level approach? Tx!

Peter gravatar imagePeter ( 2016-06-27 16:26:32 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2016-06-26 01:48:46 -0500

Seen: 319 times

Last updated: Jun 27 '16