[openstack-dev] [keystone][monasca][congress][senlin][telemetry] authenticated webhook notifications

Thomas Herve therve at redhat.com
Sun May 6 16:30:20 UTC 2018


On Sat, May 5, 2018 at 1:53 AM, Eric K <ekcs.openstack at gmail.com> wrote:
> Thanks a lot Witold and Thomas!
>
> So it doesn't seem that someone is currently using a keystone token to
> authenticate web hook? Is is simply because most of the use cases had
> involved services which do not use keystone?
>
> Or is it unsuitable for another reason?

It's fairly impractical for webhooks because

1) Tokens expire fairly quickly.
2) You can't store all the data in the URL, so you need to store the
token and the URL separately.

-- 
Thomas



More information about the OpenStack-dev mailing list