Identity/Auth API

Registered by Ziad Sawalha

Spec for identity API. This continues support for the Rackspace Auth protocol version (1.x) and moves it to the OpenStack namespace at version 2.0.

Blueprint information

Status:
Complete
Approver:
Ziad Sawalha
Priority:
High
Drafter:
Rackspace Architecture
Direction:
Approved
Assignee:
Ziad Sawalha
Definition:
Approved
Series goal:
Accepted for diablo
Implementation:
Implemented
Milestone target:
milestone icon diablo-2
Started by
Ziad Sawalha
Completed by
Ziad Sawalha

Related branches

Sprints

Whiteboard

Service API:

    POST /tokens
        Returns a token in exchange for valid credentials.

    GET /tenants
        Returns a list of tenants for my X-Auth-Token.

        This implies that an unscoped token returns a list of all tenants
        associated with the user, and that a scoped token returns the single
        tenant the token is associated with.

Admin API (Superset of Service API):

    POST /tokens
        Returns a token in exchange for valid credentials.

    GET /tokens/{token_id}
        Validates a token.

        Returns token expiration, user info, and the user's roles for the given
        token.

    HEAD /tokens/{token_id}
        Validates a token (for performance).

    GET /tokens/{token_id}?belongsTo={tenant_id}
        Validates that a token belongs to a specific tenant.

        Returns token expiration, user info, and the user's roles for the given
        token.

    HEAD /tokens/{token_id}?belongsTo={tenant_id}
        Validates that a token belongs to a specific tenant (for performance).

    GET /tokens/{token_id}/endpoints
        Returns a list of endpoints associated with a specific token.

    GET /users/?username={user_name}
        Returns detailed information about a specific user, by user name.

    GET /users/{user_id}
        Returns detailed information about a specific user, by user id.

    GET /users/{user_id}/roles
        Returns global roles for a specific user (excludes tenant roles).

    GET /tenants
        Returns a list of all tenants.

    GET /tenants/?name={tenant_name}
        Returns detailed information about a tenant, by name.

    GET /tenants/{tenant_id}
        Returns detailed information about a tenant, by id.

    GET /tenants/{tenant_id}/users/{user_id}/roles
        Returns a list of roles for a user on a specific tenant.

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.

This blueprint contains Public information 
Everyone can see this information.