keystone/keystone/token
Dave Wilde (d34dh0r53) 164d9522b8 Limit token expiration to application credential expiration
If a token is issued with an application credential we need to check
the expiration of the application credential to ensure that the token
does not outlive the application credential. This ensures that if the
token expiration is greater than that of the application credential it
is reset to the expiration of the application credential and a warning
is logged. Please see CVE-2022-2447 for more information.

Closes-Bug: 1992183
Change-Id: If6f9f72cf25769d022a970fac36cead17b2030f2
(cherry picked from commit 8f999d1c1f)
2022-10-30 02:27:25 +00:00
..
providers Fix "allow expired" feature for JWT 2020-07-08 17:30:36 +05:30
__init__.py Remove the sql token driver and uuid token provider 2018-02-12 17:32:47 +00:00
provider.py Limit token expiration to application credential expiration 2022-10-30 02:27:25 +00:00
token_formatters.py Only log warnings about token length when length exceeds max_token_size 2022-07-26 13:58:53 +00:00