So, the os-oauth routes you mention in the documentation do not make keystone a proper oauth provider. We simply perform delegation (one user handing some level of permission on a project to another entity) with the standard flow established in the oauth1.0b specification.
Historically we chose oauth1.0 because one of the implementers was very much against a flow based on oauth2.0 (though the names are similar, these can be treated as two very different beasts, you can read about it here [1]). Even amongst popular service providers the choice is split down the middle, some providing support for both [2] We haven't bothered to implement support for oauth2.0 since there has been no feedback or desire from operators to do so. Mostly, we don't want yet-another-delegation mechanism in keystone, we have trusts and oauth1.0; should an enticing use case arise to include another, then we can revisit the discussion. [1] https://hueniverse.com/2012/07/26/oauth-2-0-and-the-road-to-hell/ [2] https://en.wikipedia.org/wiki/List_of_OAuth_providers On Mon, Jun 27, 2016 at 11:15 PM, 林自均 <johnl...@gmail.com> wrote: > Hi all, > > When I am searching for OAuth provider in Keystone, I found only OAuth > 1.0. I am a little bit curious about the decision of 1.0 over 2.0. I failed > to see the reason in the documentation > <https://specs.openstack.org/openstack/keystone-specs/api/v3/identity-api-v3-os-oauth1-ext.html> > and this blueprint > <https://blueprints.launchpad.net/keystone/+spec/delegated-auth-via-oauth>. > Is OAuth 2.0 not compatible with design of Keystone? > > John > > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
