032dd49db2
Both of these drivers were staged for removal in Rocky. Now that Rocky is
open for development we can remove them. This commit removes just the
bare-bones aspects of each. Subsequent patches will do the following:

- Remove test classes that were only meant for sql or uuid scenarios
- Refactor the notification framework to not hint at token storage
- Refactor the token provider API interfaces to be simpler and cleaner
- Remove the needs_persistence property from the token provider API and
  document the ability to push that logic into individual providers that
  require it
- Return 403 Forbidden for all requests to fetch a revocation list
- Remove the signing directory configuration options

These changes will result in simpler interfaces which will be important for
people implementing their own token providers and storage layers.

bp removed-as-of-rocky
Change-Id: I76d5c29f6b1572ee3ec7f2b1af63ff31572de2ce
34 lines
1.1 KiB
ReStructuredText
==============
Token provider
==============

OpenStack Identity supports customizable token providers. This is specified
in the ``[token]`` section of the configuration file. The token provider
controls the token construction, validation, and revocation operations.

You can register your own token provider by configuring the following property:

.. note::

    More commonly, you can use this option to change the token provider to one
    of the ones built in. Alternatively, you can use it to configure your own
    token provider.

* ``provider`` - token provider driver.
  Defaults to ``fernet``.
  Implemented by :class:`keystone.token.providers.fernet.Provider`. This is the
  entry point for the token provider in the ``keystone.token.provider``
  namespace.

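The following check is an added example, not part of keystone: it resolves the effective ``[token] provider`` name from a configuration file and looks it up among the entry points registered in the ``keystone.token.provider`` namespace, so a name left over from a removed driver or a mistyped custom provider is caught before the service starts. The sample configurations, the ``acme`` provider and its ``acme_keystone`` module are hypothetical, and the ``module:attr`` target for ``fernet`` is written from the class path given above.

```python
import configparser
from importlib.metadata import entry_points

NAMESPACE = "keystone.token.provider"  # entry point namespace named on this page
DEFAULT_PROVIDER = "fernet"            # documented default for [token] provider

# Constructed sample inputs (not taken from a real deployment).
SAMPLE_DEFAULT = "[DEFAULT]\ndebug = false\n"   # no [token] section at all
SAMPLE_STALE = "[token]\nprovider = uuid\n"     # name of a removed provider
SAMPLE_CUSTOM = "[token]\nprovider = acme\n"    # hypothetical out-of-tree driver
SAMPLE_REGISTRY = {
    "fernet": "keystone.token.providers.fernet:Provider",
    "acme": "acme_keystone.provider:Provider",  # hypothetical package
}


def configured_provider(conf_text):
    """Return the effective [token] provider name, applying the default."""
    # default_section is renamed so [DEFAULT] keys do not leak into [token].
    cp = configparser.ConfigParser(interpolation=None,
                                   default_section="__unused__")
    cp.read_string(conf_text)
    return cp.get("token", "provider", fallback=DEFAULT_PROVIDER).strip()


def registered_providers():
    """Map driver name -> target for entry points installed on this host."""
    eps = entry_points()
    if hasattr(eps, "select"):          # Python 3.10 and later
        group = eps.select(group=NAMESPACE)
    else:                               # older dict-style return value
        group = eps.get(NAMESPACE, [])
    return {ep.name: ep.value for ep in group}


def resolve(conf_text, registry=None):
    """Return (name, target); target is None when the name is unregistered."""
    if registry is None:
        registry = registered_providers()
    name = configured_provider(conf_text)
    return name, registry.get(name)


if __name__ == "__main__":
    for text in (SAMPLE_DEFAULT, SAMPLE_STALE, SAMPLE_CUSTOM):
        name, target = resolve(text, SAMPLE_REGISTRY)
        print(f"provider={name!r} ->", target or "NOT REGISTERED")
```

Called without a registry, ``resolve`` inspects the entry points actually installed in the current Python environment.
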
Below is the detailed list of the token formats supported by keystone:

Fernet
    ``fernet`` tokens do not need to be persisted at all, but require that you run
    ``keystone-manage fernet_setup`` (also see the
    ``keystone-manage fernet_rotate`` command).

.. warning::

    Fernet tokens are bearer tokens. They must be protected from unnecessary
    disclosure to prevent unauthorized access.