<div dir="ltr"><div><span style="color:rgb(62,67,73);font-family:arial,sans-serif;font-size:14.4px">> </span><span style="color:rgb(33,33,33)">does it mean that the token now will live forever</span></div><div><span style="color:rgb(62,67,73);font-family:arial,sans-serif;font-size:14.4px"><br></span></div><div><span style="color:rgb(62,67,73);font-family:arial,sans-serif;font-size:14.4px">No; it behaves as described in the document you linked. If you have any specific security concerns, please raise them appropriately (such as a security bug, if necessary).</span></div></div><br><div class="gmail_quote"><div dir="ltr">On Mon, Apr 3, 2017 at 5:27 AM lương hữu tuấn <<a href="mailto:tuantuluong@gmail.com">tuantuluong@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="gmail_msg">Hi keystone folks,<div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">I have had a chance to take a look at the patch below for allowing the expired token, and it was merged in Ocata:</div><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg"><a href="https://specs.openstack.org/openstack/keystone-specs/specs/keystone/ocata/allow-expired.html" class="gmail_msg" target="_blank">https://specs.openstack.org/openstack/keystone-specs/specs/keystone/ocata/allow-expired.html</a><br class="gmail_msg"></div><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">In our project, we also have a problem with token expiration when running a Mistral workflow. I have a concern that if this patch works as it does, does it mean that the token now will live forever ("forever" seems so sloppy, but it seems like the token is no longer expired). 
In this case, it does not seem good for security purposes.</div><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">Br,</div><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">Tuan/Nokia</div></div>
__________________________________________________________________________<br class="gmail_msg">
OpenStack Development Mailing List (not for usage questions)<br class="gmail_msg">
</blockquote></div><div dir="ltr">-- <br></div><div data-smartmail="gmail_signature"><div dir="ltr">-Dolph</div></div>