OIDC/OAuth2 token introspection in Keystone
Nikolla, Kristi
knikolla at bu.edu
Wed Jan 8 15:28:14 UTC 2020
Hi Michele,
We just approved a feature request for that [0], however it was merged to backlog, meaning no specific timeline for it being implemented yet.
With the current implementation, you can use OAuth 2.0 Access Tokens with Keystone, however the token introspection endpoint will be used, therefore only the claims contained in the access token will be returned. I am assuming your question is with regards to the userinfo endpoint and OIDC claims, which we do not currently support.
[0]. https://review.opendev.org/#/c/373983/
On Jan 8, 2020, at 8:01 AM, mcarpene <m.carpen at cineca.it<mailto:m.carpen at cineca.it>> wrote:
Hi all, my question is:
could OS Keystone support OIDC/OAuth2 token introspection/validation. I mean for example executing a swift command via CLI adding a OIDC token bearer as a parameter to the swift command. In this case Keystone should validate the OIDC token towards and external IdP (using introspection endpoint/protocol for oidc).
Is this currently supported, or eventually would be done in the near future?
thanks Michele
--
Michele Carpené
SuperComputing Applications and Innovation Department
CINECA - via Magnanelli, 6/3, 40033 Casalecchio di Reno (Bologna) - ITALY
Tel: +39 051 6171730 Fax: +39 051 6132198
Skype: mcarpene
http://www.hpc.cineca.it/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20200108/9decb0fa/attachment.html>
More information about the openstack-discuss
mailing list