AFAIK, that is right we need admin privileges to check validity. Other thing which is surprising, if a service creates a token.. it requires admin privileges to delete that token. I would not expect all services to be aware of admin credentials.
Thanks, -Ravi. On Thu, Jun 20, 2013 at 12:36 PM, Janus Godard <jgv...@gmail.com> wrote: > Hi, > > I'm new to OpenStack. I'm looking at deploying two 3rd party services > along OpenStack and would like to use Keystone for they authentication > mechanism. Service A will authenticate and get a token from keystone and > use it for REST requests to service B. Those two services don't use WSGI, > just the REST API. Is there a way for service B to validate the token with > keystone without having an admin role or the admin token? > > Sorry for the noob question. The only thing I found in the doc is the GET > method that requires admin permissions: > > http://docs.openstack.org/api/openstack-identity-service/2.0/content/GET_validateToken_v2.0_tokens__tokenId__Token_Operations.html > And from what I read in the compute admin docs the OpenStack services seem > to rely on admin credentials or token. > > Regards, > > Janus > > > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > > -- Ravi
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
