api-ref: Correcting V3 Authentication APIs
http://developer.openstack.org/api-ref/identity/v3/index.html#authentication-and-token-management Change-Id: I17a3a974c36c0992c681100833f0443963edbf69 Partial-Bug: #1610777
This commit is contained in:
parent
8d5926a962
commit
b3c838153f
|
@ -104,15 +104,15 @@ Request
|
||||||
|
|
||||||
.. rest_parameters:: parameters.yaml
|
.. rest_parameters:: parameters.yaml
|
||||||
|
|
||||||
|
- nocatalog: nocatalog
|
||||||
- domain: domain
|
- domain: domain
|
||||||
- name: name
|
- name: user_name
|
||||||
- auth: auth
|
- auth: auth
|
||||||
- user: user
|
- user: user
|
||||||
- password: password
|
- password: password
|
||||||
- id: id
|
- id: user_id
|
||||||
- identity: identity
|
- identity: identity
|
||||||
- methods: methods
|
- methods: auth_methods_passwd
|
||||||
- nocatalog: nocatalog
|
|
||||||
|
|
||||||
Request Example
|
Request Example
|
||||||
---------------
|
---------------
|
||||||
|
@ -127,15 +127,15 @@ Response Parameters
|
||||||
|
|
||||||
- X-Subject-Token: X-Subject-Token
|
- X-Subject-Token: X-Subject-Token
|
||||||
- domain: domain
|
- domain: domain
|
||||||
- methods: methods
|
- methods: auth_methods_passwd
|
||||||
- expires_at: expires_at
|
- expires_at: expires_at
|
||||||
- token: token
|
- token: token
|
||||||
- extras: extras
|
- extras: extras
|
||||||
- user: user
|
- user: user
|
||||||
- audit_ids: audit_ids
|
- audit_ids: audit_ids
|
||||||
- issued_at: issued_at
|
- issued_at: issued_at
|
||||||
- id: id
|
- id: user_id
|
||||||
- name: name
|
- name: user_name
|
||||||
|
|
||||||
|
|
||||||
Password authentication with scoped authorization
|
Password authentication with scoped authorization
|
||||||
|
@ -157,15 +157,15 @@ Request
|
||||||
|
|
||||||
.. rest_parameters:: parameters.yaml
|
.. rest_parameters:: parameters.yaml
|
||||||
|
|
||||||
- name: name
|
- nocatalog: nocatalog
|
||||||
|
- name: user_name
|
||||||
- auth: auth
|
- auth: auth
|
||||||
- user: user
|
- user: user
|
||||||
- scope: scope
|
- scope: scope
|
||||||
- password: password
|
- password: password
|
||||||
- id: id
|
- id: user_id
|
||||||
- identity: identity
|
- identity: identity
|
||||||
- methods: methods
|
- methods: auth_methods_passwd
|
||||||
- nocatalog: nocatalog
|
|
||||||
|
|
||||||
Request Example
|
Request Example
|
||||||
---------------
|
---------------
|
||||||
|
@ -181,7 +181,7 @@ Response Parameters
|
||||||
- X-Subject-Token: X-Subject-Token
|
- X-Subject-Token: X-Subject-Token
|
||||||
- domain: domain
|
- domain: domain
|
||||||
- region_id: region_id
|
- region_id: region_id
|
||||||
- methods: methods
|
- methods: auth_methods_passwd
|
||||||
- roles: roles
|
- roles: roles
|
||||||
- url: endpoint_url
|
- url: endpoint_url
|
||||||
- region: endpoint_region
|
- region: endpoint_region
|
||||||
|
@ -195,9 +195,9 @@ Response Parameters
|
||||||
- audit_ids: audit_ids
|
- audit_ids: audit_ids
|
||||||
- interface: endpoint_interface
|
- interface: endpoint_interface
|
||||||
- endpoints: endpoints
|
- endpoints: endpoints
|
||||||
- type: type
|
- type: endpoint_type
|
||||||
- id: id
|
- id: user_id
|
||||||
- name: name
|
- name: user_name
|
||||||
|
|
||||||
|
|
||||||
Password authentication with explicit unscoped authorization
|
Password authentication with explicit unscoped authorization
|
||||||
|
@ -219,15 +219,15 @@ Request
|
||||||
|
|
||||||
.. rest_parameters:: parameters.yaml
|
.. rest_parameters:: parameters.yaml
|
||||||
|
|
||||||
- name: name
|
- nocatalog: nocatalog
|
||||||
|
- name: user_name
|
||||||
- auth: auth
|
- auth: auth
|
||||||
- user: user
|
- user: user
|
||||||
- scope: scope
|
- scope: scope
|
||||||
- password: password
|
- password: password
|
||||||
- id: id
|
- id: user_id
|
||||||
- identity: identity
|
- identity: identity
|
||||||
- methods: methods
|
- methods: auth_methods_passwd
|
||||||
- nocatalog: nocatalog
|
|
||||||
|
|
||||||
Request Example
|
Request Example
|
||||||
---------------
|
---------------
|
||||||
|
@ -242,7 +242,7 @@ Response Parameters
|
||||||
|
|
||||||
- X-Subject-Token: X-Subject-Token
|
- X-Subject-Token: X-Subject-Token
|
||||||
- domain: domain
|
- domain: domain
|
||||||
- methods: methods
|
- methods: auth_methods_passwd
|
||||||
- roles: roles
|
- roles: roles
|
||||||
- expires_at: expires_at
|
- expires_at: expires_at
|
||||||
- token: token
|
- token: token
|
||||||
|
@ -250,8 +250,8 @@ Response Parameters
|
||||||
- user: user
|
- user: user
|
||||||
- audit_ids: audit_ids
|
- audit_ids: audit_ids
|
||||||
- issued_at: issued_at
|
- issued_at: issued_at
|
||||||
- id: id
|
- id: user_id
|
||||||
- name: name
|
- name: user_name
|
||||||
|
|
||||||
|
|
||||||
Token authentication with unscoped authorization
|
Token authentication with unscoped authorization
|
||||||
|
@ -271,12 +271,12 @@ Request
|
||||||
|
|
||||||
.. rest_parameters:: parameters.yaml
|
.. rest_parameters:: parameters.yaml
|
||||||
|
|
||||||
- identity: identity
|
|
||||||
- token: token
|
|
||||||
- id: id
|
|
||||||
- auth: auth
|
|
||||||
- methods: methods
|
|
||||||
- nocatalog: nocatalog
|
- nocatalog: nocatalog
|
||||||
|
- identity: identity
|
||||||
|
- token: auth_token
|
||||||
|
- id: auth_token_id
|
||||||
|
- auth: auth
|
||||||
|
- methods: auth_methods_token
|
||||||
|
|
||||||
Request Example
|
Request Example
|
||||||
---------------
|
---------------
|
||||||
|
@ -311,14 +311,14 @@ Request
|
||||||
|
|
||||||
.. rest_parameters:: parameters.yaml
|
.. rest_parameters:: parameters.yaml
|
||||||
|
|
||||||
- methods: methods
|
- nocatalog: nocatalog
|
||||||
|
- methods: auth_methods_token
|
||||||
- auth: auth
|
- auth: auth
|
||||||
- token: token
|
- token: auth_token
|
||||||
- audit_ids: audit_ids
|
- audit_ids: audit_ids
|
||||||
- scope: scope
|
- scope: scope
|
||||||
- id: id
|
- id: auth_token_id
|
||||||
- identity: identity
|
- identity: identity
|
||||||
- nocatalog: nocatalog
|
|
||||||
|
|
||||||
Request Example
|
Request Example
|
||||||
---------------
|
---------------
|
||||||
|
@ -367,8 +367,8 @@ Response Parameters
|
||||||
- X-Subject-Token: X-Subject-Token
|
- X-Subject-Token: X-Subject-Token
|
||||||
- X-Auth-Token: X-Auth-Token
|
- X-Auth-Token: X-Auth-Token
|
||||||
- domain: domain
|
- domain: domain
|
||||||
- methods: methods
|
- methods: auth_methods
|
||||||
- links: links
|
- links: domain_link_response_body
|
||||||
- user: user
|
- user: user
|
||||||
- token: token
|
- token: token
|
||||||
- expires_at: expires_at
|
- expires_at: expires_at
|
||||||
|
@ -378,8 +378,8 @@ Response Parameters
|
||||||
- roles: roles
|
- roles: roles
|
||||||
- audit_ids: audit_ids
|
- audit_ids: audit_ids
|
||||||
- issued_at: issued_at
|
- issued_at: issued_at
|
||||||
- id: id
|
- id: user_id
|
||||||
- name: name
|
- name: user_name
|
||||||
|
|
||||||
Response Example
|
Response Example
|
||||||
----------------
|
----------------
|
||||||
|
|
|
@ -116,12 +116,6 @@ service_id_path:
|
||||||
in: path
|
in: path
|
||||||
required: false
|
required: false
|
||||||
type: string
|
type: string
|
||||||
user_id:
|
|
||||||
description: |
|
|
||||||
The user ID.
|
|
||||||
in: path
|
|
||||||
required: true
|
|
||||||
type: string
|
|
||||||
user_id_path:
|
user_id_path:
|
||||||
description: |
|
description: |
|
||||||
The user ID.
|
The user ID.
|
||||||
|
@ -402,6 +396,58 @@ auth:
|
||||||
in: body
|
in: body
|
||||||
required: true
|
required: true
|
||||||
type: object
|
type: object
|
||||||
|
auth_domain_id:
|
||||||
|
description: |
|
||||||
|
The ID of the domain. If you specify a user
|
||||||
|
name, you must specify either a domain ID or domain name.
|
||||||
|
in: body
|
||||||
|
required: false
|
||||||
|
type: string
|
||||||
|
auth_methods:
|
||||||
|
description: |
|
||||||
|
The authentication method, which is ``password``,
|
||||||
|
``token``, or both methods. Indicates the accumulated set of
|
||||||
|
authentication methods that were used to obtain the token. For
|
||||||
|
example, if the token was obtained by password authentication, it
|
||||||
|
contains ``password``. Later, if the token is exchanged by using
|
||||||
|
the token authentication method one or more times, the
|
||||||
|
subsequently created tokens contain both ``password`` and
|
||||||
|
``token`` in their ``methods`` attribute. Unlike multi-factor
|
||||||
|
authentication, the ``methods`` attribute merely indicates the
|
||||||
|
methods that were used to authenticate the user in exchange for a
|
||||||
|
token. The client is responsible for determining the total number
|
||||||
|
of authentication factors.
|
||||||
|
in: body
|
||||||
|
required: true
|
||||||
|
type: array
|
||||||
|
auth_methods_passwd:
|
||||||
|
description: |
|
||||||
|
The authentication method. For password
|
||||||
|
authentication, specify ``password``.
|
||||||
|
in: body
|
||||||
|
required: true
|
||||||
|
type: array
|
||||||
|
auth_methods_token:
|
||||||
|
description: |
|
||||||
|
The authentication method. For token
|
||||||
|
authentication, specify ``token``.
|
||||||
|
in: body
|
||||||
|
required: true
|
||||||
|
type: array
|
||||||
|
auth_token:
|
||||||
|
description: |
|
||||||
|
A ``token`` object. The token authentication
|
||||||
|
method is used. This method is typically used in combination with
|
||||||
|
a request to change authorization scope.
|
||||||
|
in: body
|
||||||
|
required: true
|
||||||
|
type: object
|
||||||
|
auth_token_id:
|
||||||
|
description: |
|
||||||
|
A token ID.
|
||||||
|
in: body
|
||||||
|
required: true
|
||||||
|
type: string
|
||||||
blob:
|
blob:
|
||||||
description: |
|
description: |
|
||||||
The credential itself, as a serialized blob.
|
The credential itself, as a serialized blob.
|
||||||
|
@ -865,6 +911,12 @@ endpoint_region:
|
||||||
in: body
|
in: body
|
||||||
required: true
|
required: true
|
||||||
type: string
|
type: string
|
||||||
|
endpoint_type:
|
||||||
|
description: |
|
||||||
|
The endpoint type.
|
||||||
|
in: body
|
||||||
|
required: true
|
||||||
|
type: string
|
||||||
endpoint_url:
|
endpoint_url:
|
||||||
description: |
|
description: |
|
||||||
The endpoint URL.
|
The endpoint URL.
|
||||||
|
@ -985,15 +1037,7 @@ groups:
|
||||||
type: array
|
type: array
|
||||||
id:
|
id:
|
||||||
description: |
|
description: |
|
||||||
The ID of the user. Required if you do not
|
[WIP]
|
||||||
specify the user name.
|
|
||||||
in: body
|
|
||||||
required: false
|
|
||||||
type: string
|
|
||||||
id_1:
|
|
||||||
description: |
|
|
||||||
The ID of the domain. If you specify a user
|
|
||||||
name, you must specify either a domain ID or domain name.
|
|
||||||
in: body
|
in: body
|
||||||
required: false
|
required: false
|
||||||
type: string
|
type: string
|
||||||
|
@ -1197,45 +1241,6 @@ links_user:
|
||||||
in: body
|
in: body
|
||||||
required: true
|
required: true
|
||||||
type: object
|
type: object
|
||||||
methods:
|
|
||||||
description: |
|
|
||||||
The authentication method. For password
|
|
||||||
authentication, specify ``password``.
|
|
||||||
in: body
|
|
||||||
required: true
|
|
||||||
type: array
|
|
||||||
methods_1:
|
|
||||||
description: |
|
|
||||||
The authentication method. For token
|
|
||||||
authentication, specify ``token``.
|
|
||||||
in: body
|
|
||||||
required: true
|
|
||||||
type: array
|
|
||||||
methods_2:
|
|
||||||
description: |
|
|
||||||
The authentication method, which is ``password``,
|
|
||||||
``token``, or both methods. Indicates the accumulated set of
|
|
||||||
authentication methods that were used to obtain the token. For
|
|
||||||
example, if the token was obtained by password authentication, it
|
|
||||||
contains ``password``. Later, if the token is exchanged by using
|
|
||||||
the token authentication method one or more times, the
|
|
||||||
subsequently created tokens contain both ``password`` and
|
|
||||||
``token`` in their ``methods`` attribute. Unlike multi-factor
|
|
||||||
authentication, the ``methods`` attribute merely indicates the
|
|
||||||
methods that were used to authenticate the user in exchange for a
|
|
||||||
token. The client is responsible for determining the total number
|
|
||||||
of authentication factors.
|
|
||||||
in: body
|
|
||||||
required: true
|
|
||||||
type: array
|
|
||||||
name:
|
|
||||||
description: |
|
|
||||||
The user name. Required if you do not specify
|
|
||||||
the ID of the user. If you specify the user name, you must also
|
|
||||||
specify the domain, by ID or name.
|
|
||||||
in: body
|
|
||||||
required: false
|
|
||||||
type: string
|
|
||||||
name_1:
|
name_1:
|
||||||
description: |
|
description: |
|
||||||
The name of the domain. If you specify a user
|
The name of the domain. If you specify a user
|
||||||
|
@ -1335,10 +1340,10 @@ parent_region_id_response_body:
|
||||||
type: string
|
type: string
|
||||||
password:
|
password:
|
||||||
description: |
|
description: |
|
||||||
The user password.
|
The ``password`` object, contains the authentication information.
|
||||||
in: body
|
in: body
|
||||||
required: true
|
required: true
|
||||||
type: string
|
type: object
|
||||||
password_expires_at:
|
password_expires_at:
|
||||||
description: |
|
description: |
|
||||||
The date and time when the password expires. The time zone
|
The date and time when the password expires. The time zone
|
||||||
|
@ -1682,17 +1687,9 @@ token:
|
||||||
in: body
|
in: body
|
||||||
required: true
|
required: true
|
||||||
type: object
|
type: object
|
||||||
token_1:
|
|
||||||
description: |
|
|
||||||
A ``token`` object. The token authentication
|
|
||||||
method is used. This method is typically used in combination with
|
|
||||||
a request to change authorization scope.
|
|
||||||
in: body
|
|
||||||
required: true
|
|
||||||
type: object
|
|
||||||
type:
|
type:
|
||||||
description: |
|
description: |
|
||||||
The endpoint type.
|
[WIP]
|
||||||
in: body
|
in: body
|
||||||
required: true
|
required: true
|
||||||
type: string
|
type: string
|
||||||
|
@ -1745,6 +1742,13 @@ user_domain_id_update_body:
|
||||||
in: body
|
in: body
|
||||||
required: false
|
required: false
|
||||||
type: string
|
type: string
|
||||||
|
user_id:
|
||||||
|
description: |
|
||||||
|
The ID of the user. Required if you do not
|
||||||
|
specify the user name.
|
||||||
|
in: body
|
||||||
|
required: false
|
||||||
|
type: string
|
||||||
user_id_1:
|
user_id_1:
|
||||||
description: |
|
description: |
|
||||||
The ID of the user who owns the credential.
|
The ID of the user who owns the credential.
|
||||||
|
@ -1769,6 +1773,14 @@ user_id_5:
|
||||||
in: body
|
in: body
|
||||||
required: false
|
required: false
|
||||||
type: string
|
type: string
|
||||||
|
user_name:
|
||||||
|
description: |
|
||||||
|
The user name. Required if you do not specify
|
||||||
|
the ID of the user. If you specify the user name, you must also
|
||||||
|
specify the domain, by ID or name.
|
||||||
|
in: body
|
||||||
|
required: false
|
||||||
|
type: string
|
||||||
user_name_create_request_body:
|
user_name_create_request_body:
|
||||||
description: |
|
description: |
|
||||||
The user name. Must be unique within the owning domain.
|
The user name. Must be unique within the owning domain.
|
||||||
|
|
Loading…
Reference in New Issue