Thanks Dolph,
I now have a pretty clear picture about it.
Br,
Tuan/Nokia
On Mon, Apr 10, 2017 at 2:58 PM, Dolph Mathews wrote:
> The token itself is still expired, regardless of where it's persisted, if
> at all. Expired tokens are only considered valid when
The token itself is still expired, regardless of where it's persisted, if
at all. Expired tokens are only considered valid when presented as an
X-Auth-Token to keystonemiddleware.auth_token along with a valid
X-Service-Token, or when validating an X-Subject-Token against keystone
directly using
Hi Dolph,
Thanks for the reply. It means that from the db point of view, the token is expired
but it is still passed to other service users in the request (token stored in
memory?) and keystone allows this expired token? And to make this feature
work, we should apply the header of "X-Service-Token" and
> does it mean that the token now will live forever
No; it behaves as described in the document you linked. If you have any
specific security concerns, please raise them appropriately (such as a
security bug, if necessary).
On Mon, Apr 3, 2017 at 5:27 AM lương hữu tuấn