Merge "Remove references to UUID from token documentation"
commit
f408e894ed
|
@ -3,10 +3,8 @@ Keystone tokens
|
|||
===============
|
||||
|
||||
Tokens are used to authenticate and authorize your interactions with the
|
||||
various OpenStack APIs. Tokens come in many flavors, representing various
|
||||
authorization scopes and sources of identity. There are also several different
|
||||
"token providers", each with their own user experience, performance, and
|
||||
deployment characteristics.
|
||||
various OpenStack APIs. Tokens come in many scopes, representing various
|
||||
authorization and sources of identity.
|
||||
|
||||
Authorization scopes
|
||||
--------------------
|
||||
|
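Review bot: The reworded second sentence of the introduction, "Tokens come in many scopes, representing various authorization and sources of identity.", no longer parses cleanly: moving "scopes" forward leaves "various authorization" without a noun. Something like "Tokens come in several scopes, each representing a different level of authorization and source of identity" would carry the intended meaning. Dropping the "token providers" sentence fits a single-provider world, but the "Token providers" section still exists further down, so a short pointer to it from the introduction may still be worth keeping.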
@ -79,32 +77,8 @@ Token providers
|
|||
---------------
|
||||
|
||||
The token type issued by keystone is configurable through the
|
||||
``/etc/keystone/keystone.conf`` file. Currently, there are two supported
|
||||
token types, ``UUID`` and ``fernet``.
|
||||
|
||||
UUID tokens
|
||||
~~~~~~~~~~~
|
||||
|
||||
UUID was the first token type supported but was deprecated in Pike. UUID tokens
|
||||
are 32 bytes in length and must be persisted in a back end. Clients must pass
|
||||
their UUID token to the Identity service in order to validate it.
|
||||
|
||||
As mentioned above, UUID tokens must be persisted. By default, keystone
|
||||
persists UUID tokens using a SQL backend. An unfortunate side-effect is that
|
||||
the size of the database will grow over time regardless of the token's
|
||||
expiration time. Expired UUID tokens can be pruned from the backend using
|
||||
keystone's command line utility:
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
$ keystone-manage token_flush
|
||||
|
||||
We recommend invoking this command periodically using ``cron``.
|
||||
|
||||
.. NOTE::
|
||||
|
||||
It is not required to run this command at all if using Fernet tokens. Fernet
|
||||
tokens are not persisted and do not contribute to database bloat.
|
||||
``/etc/keystone/keystone.conf`` file. Currently, the only supported token
|
||||
provider is ``fernet``.
|
||||
|
||||
Fernet tokens
|
||||
~~~~~~~~~~~~~
|
||||
|
|
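Review bot: The rewritten opening of "Token providers" still says the token type "is configurable through the ``/etc/keystone/keystone.conf`` file" and then states that the only supported token provider is ``fernet``, which mixes "token type" with "token provider" and leaves the reader unsure what there is to configure; use one term throughout and either name the option or say plainly that fernet is the only choice. Separately, deleting the whole "UUID tokens" subsection also removes the ``keystone-manage token_flush`` guidance and the note that Fernet tokens are not persisted. Deployments that previously issued UUID tokens may still hold rows in the SQL backend, so consider keeping one sentence on whether a final flush is needed, and carrying the "not persisted" statement into the "Fernet tokens" section if it is not already stated there.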