[openstack-dev] [all][keystone][product] api keys/application specific passwords
Zane Bitter
zbitter at redhat.com
Wed May 17 00:08:23 UTC 2017
On 16/05/17 01:06, Colleen Murphy wrote:
> Additionally, I think OAuth - either extending the existing OAuth1.0
> plugin or implementing OAuth2.0 - should probably be on the table.
I believe that OAuth is not a good fit for long-lived things like an
application needing to communicate with its own infrastructure. Tokens
are (a) tied to a user, and (b) expire, neither of which we want. Any
use case where you can't just drop the user into a web browser and ask
for their password at any time seems to be, at a minimum, excruciatingly
painful and often impossible with OAuth, because that is the use case it
was designed for.
cheers,
Zane.