OIDC/OAuth2 token introspection in Keystone
We just approved a feature request for that , however it was merged to backlog, meaning no specific timeline for it being implemented yet.
With the current implementation, you can use OAuth 2.0 Access Tokens with Keystone, however the token introspection endpoint will be used, therefore only the claims contained in the access token will be returned. I am assuming your question is with regards to the userinfo endpoint and OIDC claims, which we do not currently support.
On Jan 8, 2020, at 8:01 AM, mcarpene <m.carpen at cineca.it<mailto:m.carpen at cineca.it>> wrote:
Hi all, my question is:
could OS Keystone support OIDC/OAuth2 token introspection/validation. I mean for example executing a swift command via CLI adding a OIDC token bearer as a parameter to the swift command. In this case Keystone should validate the OIDC token towards and external IdP (using introspection endpoint/protocol for oidc).
Is this currently supported, or eventually would be done in the near future?
SuperComputing Applications and Innovation Department
CINECA - via Magnanelli, 6/3, 40033 Casalecchio di Reno (Bologna) - ITALY
Tel: +39 051 6171730 Fax: +39 051 6132198
-------------- next part --------------
An HTML attachment was scrubbed...