On 05-Dec 15:14, Lance Bragstad wrote:
> I put myself in Boris' camp on this one. This can open up the opportunity
> for negative user-experience, purely based on where I authenticate and
> which token I happen to authenticate with. A token would no longer be
> something I can assume to be properly validated against any node in my
> deployment. Now, when I receive a 401 Unauthorized, is it because the token
> is actually invalid, did I use the wrong endpoint, or did I use a token
> with the wrong scope for the endpoint I wanted to interact with?
>

I agree. I think having different behavior for tokens based on scope will not only lead to bad user experiences, but will lead to baking in those rules into the client. Someone will propose this as soon as they get confused by the token 401ing unexpectedly.

--
david stanek
web: http://www.dstanek.com
blog: http://www.traceback.org