15 Jul
2024
15 Jul
'24
7:18 p.m.
On 15/07/2024 12:17, leon.amtmann@ibm.com wrote:
In short: How does one end up with an unscoped token when trying to SSO against Keystone from something that is not Horizon?
Is this helpful? https://github.com/IFCA-Advanced-Computing/keystoneauth-oidc We use this to authenticate cli with keystone/SSO. Given this works for cli, you should be able to use the underlying openstacksdk library and keystoneauth-oidc to get a token in order to interact with the APIs, if i've understood correctly what you want to achieve. Jonathan.