[openstack-dev] [keystone][monasca][congress][senlin][telemetry] authenticated webhook notifications

Eric K ekcs.openstack at gmail.com
Tue May 8 19:29:45 UTC 2018

Thanks, Thomas!

I see the point that it is impractical to configure a service with a fixed
keystone token to use in webhook notifications because they expire fairly

I'm thinking about the situation where the sending service can obtain
tokens directly from keystone. In that case I'm guessing the main reason
it hasn't been done that way is because it does not generalize to most
other services that don't connect to keystone?

On 5/6/18, 9:30 AM, "Thomas Herve" <therve at redhat.com> wrote:

>On Sat, May 5, 2018 at 1:53 AM, Eric K <ekcs.openstack at gmail.com> wrote:
>> Thanks a lot Witold and Thomas!
>> So it doesn't seem that someone is currently using a keystone token to
>> authenticate web hook? Is is simply because most of the use cases had
>> involved services which do not use keystone?
>> Or is it unsuitable for another reason?
>It's fairly impractical for webhooks because
>1) Tokens expire fairly quickly.
>2) You can't store all the data in the URL, so you need to store the
>token and the URL separately.
>OpenStack Development Mailing List (not for usage questions)
>Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe

More information about the OpenStack-dev mailing list