Hi!
Currently, a user can obtain information about his rights (roles, tenants,
endpoints) only by saving the response to a POST /tokens query. If you are a
non-privileged user, have a token, and haven't saved the mentioned
response, you cannot know your rights - you have to make another POST
/tokens query and retrieve a new token.
However, if you are a keystone admin, you can GET /tokens/{token_id} and
retrieve extended information for the token of any user.
Is it a security measure? Would it be acceptable if an ordinary user were
allowed to get his token data at any moment? There could be a GET
/tokens/{token_id} call that returns data for a valid token_id or signals
that it is invalid.
--
Alessio Ababilov
Software Engineer
Grid Dynamics
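
The access rule proposed in the message above, sketched as an added example (not part of the original message and not Keystone's code): an admin may look up any token, any other caller only the token it authenticated with. The `get_token` handler, the in-memory `TOKENS` table and the 401/404 status choices are assumptions made for illustration.

```python
import time

# Constructed in-memory token table standing in for the identity service's
# token backend; ids, users, roles and expiry times are made-up sample values.
TOKENS = {
    "tok-admin": {"user": "admin", "roles": ["admin"], "tenant": "ops", "expires": 2_000_000_000},
    "tok-alice": {"user": "alice", "roles": ["member"], "tenant": "demo", "expires": 2_000_000_000},
    "tok-old": {"user": "bob", "roles": ["member"], "tenant": "demo", "expires": 1_000_000_000},
}


def _valid(token_id, now):
    """Return the token record if it exists and has not expired, else None."""
    rec = TOKENS.get(token_id)
    if rec is None or rec["expires"] <= now:
        return None
    return rec


def get_token(caller_token, token_id, now=None):
    """Hypothetical handler for GET /tokens/{token_id}; returns (status, body).

    caller_token is the credential the request was authenticated with,
    token_id is the token named in the URL.
    """
    now = time.time() if now is None else now
    caller = _valid(caller_token, now)
    if caller is None:
        return 401, None  # the caller's own credential is missing or expired
    is_admin = "admin" in caller["roles"]
    if not is_admin and caller_token != token_id:
        # Same answer as for an unknown token, so a non-admin cannot use the
        # call to learn whether somebody else's token id is currently valid.
        return 404, None
    rec = _valid(token_id, now)
    if rec is None:
        return 404, None  # unknown or expired token
    # Return only the fields the caller already received from POST /tokens.
    body = {k: rec[k] for k in ("user", "roles", "tenant", "expires")}
    return 200, body
```

Because a non-admin can only read back the token it already holds, the call discloses nothing beyond what the original POST /tokens response contained.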