[openstack-dev] [Keystone][Token expiration]

lương hữu tuấn tuantuluong at gmail.com
Mon Apr 3 10:25:45 UTC 2017


Hi keystone folks,

I have had a chance to take a look to this below patch for allowing the
expired token and it was merged in Octaka:

https://specs.openstack.org/openstack/keystone-specs/specs/keystone/ocata/allow-expired.html

In our project, we also have problem with token expiration when running
mistral workflow. I have a concern that if this patch works as it does,
does it mean that the token now will live forever ("forever" seems so
sloppy, but it seems like the token is no longer expired). In this case, it
seems not good for security purpose.

Br,

Tuan/Nokia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20170403/a10ef54e/attachment.html>


More information about the OpenStack-dev mailing list