[openstack-dev] [Keystone] API to get Token for Trusts
Adam Young
ayoung at redhat.com
Fri Dec 21 04:16:18 UTC 2012
On 12/20/2012 11:10 PM, Dolph Mathews wrote:
> I'd vote for POST for exactly the reasoning you describe. I'd also
> consider avoiding putting the trust ID in the URL for the same reason
> we don't want token ID's in URL's: it's a secret and effectively a
> credential.
I suspected someone would respond with that. It actually is not a
secret. The user must authenticate as themselves in order to get the
token for the trust. Anyone can know about the trust, only the trustee
can get a token for that trust.
That said, it might be smart to hide the trust ID just because "why
share it."
Would it make more sense to do as the payload
{trust_id:"123456789ABCDEF"}
And make the POST to /token/trusts/{trustid} ?
>
> On Thursday, December 20, 2012, Adam Young wrote:
>
> I originally wrote that the Trusts API was going to use the
> Authenticate call (HTTP POST to /tokens) to get a token for
> the trust, but the more I think about it, the less I like this.
> We have already overloaded that call with too many different ways
> to get a token.
>
> It would not be proper instead to use:
>
> GET /trusts/{trustid}/token
>
> To get a token for a trust, GET is supposed to be idempotent. It
> seems like it should be a POST verb, as we are getting back a new
> object. Thus would
>
> POST /trusts/{trustid}/token
>
> Make more sense? I can see an argument that getting a token
> should be under the token router and controller. Thus maybe:
>
> POST /token/trusts/{trustid}
>
> Would be the right action and URL? Any Feedback?
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
> --
>
> -Dolph
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20121220/b0367200/attachment.html>
More information about the OpenStack-dev
mailing list