Public bug reported:

In Juno and Kilo, when a role is revoked from a user on a project, a
callback is triggered that invalidates all of that user's tokens.  I can
see why we'd want to do that for scoped tokens. But by revoking the
unscoped token as well, the user is forced to log out and log back in.
It seems like the unscoped token should be left alone, since revoking a
role is an authorization change, and the unscoped token is an
authentication issue.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1511775

Title:
  Revoking a role revokes the unscoped token for a user

Status in OpenStack Identity (keystone):
  New
