Public bug reported:
OAuth authentication is always scoped within an oauth authentication.
Because it's still just a v3 authentication you can provide your own
scope with an oauth request. Whatever you provide as scope to the
authentication is silently ignored and your token is scoped to whatever
project the oauth is scoped to.

Note: This should not be a security risk because you are always being
scoped to where your authorization is. The oauth scope is being used in
preference to your request scope.

I think this should fail. If you provide scope information separate and
different from your oauth scope information then this should be a bad
request and you should not get a token.

I'm attaching the test script I'm using to play with oauth. You can run it with
the admin credentials from devstack.
** Affects: keystone
Importance: Undecided
Status: New
** Attachment added: "oauthtest.py"
https://bugs.launchpad.net/bugs/1579659/+attachment/4659027/+files/oauthtest.py
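
The check the report asks for, as an added sketch (not keystone's code and not the attached oauthtest.py): reject an OAuth login whose explicit request scope differs from the project the OAuth authorization is bound to. The names `ScopeMismatch`, `effective_project`, `resolve_name` and `make_body` are hypothetical; the request layout assumed is the Identity v3 auth body with the `oauth1` method.

```python
class ScopeMismatch(ValueError):
    """In this sketch, surfaced to the client as 400 Bad Request."""


def effective_project(auth_body, oauth_project_id, resolve_name=None):
    """Return the project id the token may be scoped to, or raise.

    auth_body        -- parsed v3 auth request (dict)
    oauth_project_id -- project the OAuth access token was authorized for
    resolve_name     -- hypothetical callback (name, domain) -> project id
    """
    scope = auth_body.get("auth", {}).get("scope")
    if scope is None:
        # No explicit scope: nothing conflicts with the OAuth scope.
        return oauth_project_id
    # Per the report, the OAuth authorization is tied to one project, so a
    # domain scope or any other shape cannot match it.
    if not isinstance(scope, dict) or set(scope) != {"project"}:
        raise ScopeMismatch("oauth login only supports project scope: %r" % (scope,))
    project = scope["project"]
    if "id" in project:
        requested = project["id"]
    elif "name" in project and resolve_name is not None:
        requested = resolve_name(project["name"], project.get("domain", {}))
    else:
        # Fail closed when the requested project cannot be identified.
        raise ScopeMismatch("cannot verify requested project: %r" % (project,))
    if requested != oauth_project_id:
        raise ScopeMismatch(
            "request scope %s differs from oauth scope %s"
            % (requested, oauth_project_id))
    return requested


def make_body(scope=None):
    """Build a constructed v3 auth request using the oauth1 method."""
    body = {"auth": {"identity": {"methods": ["oauth1"], "oauth1": {}}}}
    if scope is not None:
        body["auth"]["scope"] = scope
    return body


if __name__ == "__main__":
    # Constructed project ids, for illustration only.
    print(effective_project(make_body({"project": {"id": "proj-a"}}), "proj-a"))
    try:
        effective_project(make_body({"project": {"id": "proj-b"}}), "proj-a")
    except ScopeMismatch as exc:
        print("400 Bad Request:", exc)
```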
https://bugs.launchpad.net/bugs/1579659
Title:
oauth login silently ignores scope
Status in OpenStack Identity (keystone):
New