diff --git a/doc/source/authentication-plugins.rst b/doc/source/authentication-plugins.rst index cba778fa..ce34793d 100644 --- a/doc/source/authentication-plugins.rst +++ b/doc/source/authentication-plugins.rst @@ -59,6 +59,8 @@ this V3 defines a number of different a V3 identity service using Time-Based One-Time Password (TOTP). - :py:class:`~keystoneauth1.identity.v3.TokenlessAuth`: Authenticate against a V3 identity service using tokenless authentication. +- :py:class:`~keystoneauth1.identity.v3.ApplicationCredentialMethod`: + Authenticate against a V3 identity service using an application credential. - :py:class:`~keystoneauth1.extras.kerberos.KerberosMethod`: Authenticate against a V3 identity service using Kerberos. @@ -179,6 +181,29 @@ access token's key and secret. For example:: >>> s = session.Session(auth=a) +Application Credentials +======================= + +There is a specific authentication method for interacting with Identity servers +that support application credential authentication. Since application +credentials are associated to a user on a specific project, some parameters are +not required as they would be with traditional password authentication. The +following method can be used to authenticate for a token using an application +credential:: + +- :py:class:`~keystoneauth1.identity.v3.ApplicationCredential`: + +The following example shows the method usage with a session:: + + >>> from keystoneauth1 import session + >>> from keystone.identity import v3 + >>> auth = v3.ApplicationCredential( + application_credential_secret='application_credential_secret', + application_credential_id='c2872b920853478292623be94b657090' + ) + >>> sess = session.Session(auth=auth) + + Tokenless Auth ============== diff --git a/releasenotes/notes/bp-application-credentials-416a1f8bb2311e04.yaml b/releasenotes/notes/bp-application-credentials-416a1f8bb2311e04.yaml new file mode 100644 index 00000000..8223c17c --- /dev/null +++ b/releasenotes/notes/bp-application-credentials-416a1f8bb2311e04.yaml @@ -0,0 +1,7 @@ +--- +features: + - | + [`blueprint application-credentials `_] + Support for authentication via an application credential has been added. + Keystoneauth can now be used to authenticate to Identity servers that + support application credentials.