Implement auth on Identity API v3
Identity API v2 briefly had an extension called OS-KSVALIDATE, the goal of which was to eliminate the use of token ID's in URL's (see bug 861854).
Example calls from OS-KSVALIDATE:
GET /v2.0/token/
GET /v2.0/token/
DELETE /v2.0/token (passing in X-Subject-Token)
Given that this needs to be a core behavior, the Identity API v3 auth spec picked up the use of the X-Subject-Token header, rather than passing token ID's as part of a restful URL.
The goal of this blueprint is therefore to implement the following Identity API v3 calls:
Exchanging credentials for a token: POST /v3/auth
Online token validation: GET /v3/auth (passing in X-Subject-Token)
Retrieve service catalog for a token: GET /v2.0/auth/catalog (passing in X-Subject-Token)
Token revocation: DELETE /v2.0/auth (passing in X-Subject-Token)
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- High
- Drafter:
- None
- Direction:
- Approved
- Assignee:
- Guang Yee
- Definition:
- Approved
- Series goal:
- Accepted for grizzly
- Implementation:
- Implemented
- Milestone target:
- 2013.1
- Started by
- Joseph Heck
- Completed by
- Thierry Carrez
Related branches
Related bugs
Sprints
Whiteboard
Originally implemented in legacy here: https:/
Addressed by: https:/
Gerrit topic: https:/
Addressed by: https:/
blueprint pluggable-
Gerrit topic: https:/
Work Items
Dependency tree
* Blueprints in grey have been implemented.