keystone

History

Colleen Murphy 330911cee4 Ensure OAuth1 authorized roles are respected Without this patch, when an OAuth1 request token is authorized with a limited set of roles, the roles for the access token are ignored when the user uses it to request a keystone token. This means that user of an access token can use it to escallate their role assignments beyond what was authorized by the creator. This patch fixes the issue by ensuring the token model accounts for an OAuth1-scoped token and correctly populating the roles for it. Change-Id: I02f9836fbd4d7e629653977fc341476cfd89859e Closes-bug: #1873290 (cherry picked from commit `6c73690f77`) (cherry picked from commit `ba89d27793`) (cherry picked from commit 5ff52dbaa2082991d229d8557a8e4b65256d6c53)	2020-05-06 08:18:06 -07:00
..
notes	Ensure OAuth1 authorized roles are respected	2020-05-06 08:18:06 -07:00
source	Merge "Update reno for stable/rocky"	2018-08-10 06:47:06 +00:00

Colleen Murphy 330911cee4 Ensure OAuth1 authorized roles are respected

Without this patch, when an OAuth1 request token is authorized with a
limited set of roles, the roles for the access token are ignored when
the user uses it to request a keystone token. This means that user of an
access token can use it to escallate their role assignments beyond what
was authorized by the creator. This patch fixes the issue by ensuring
the token model accounts for an OAuth1-scoped token and correctly
populating the roles for it.

Change-Id: I02f9836fbd4d7e629653977fc341476cfd89859e
Closes-bug: #1873290
(cherry picked from commit 6c73690f77)
(cherry picked from commit ba89d27793)
(cherry picked from commit 5ff52dbaa2082991d229d8557a8e4b65256d6c53)

2020-05-06 08:18:06 -07:00

notes Ensure OAuth1 authorized roles are respected 2020-05-06 08:18:06 -07:00

source Merge "Update reno for stable/rocky" 2018-08-10 06:47:06 +00:00