Public bug reported: When a developer is implementing an Authentication plugin [1] they can only return None and setup the relevant information in the auth context or raise an Unauthorized exception. However, in some cases (like an OpenID Connect plugin) it is needed to perform a redirect to the provider to complete the flow. IIRC this was possible in the past (before moving to Flask) by raising an exception with the proper HTTP code set, but with the current implementation this is impossible.
[1]: https://docs.openstack.org/keystone/latest/contributor/auth- plugins.html ** Affects: keystone Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1854041 Title: Keystone should propagate redirect exceptions from auth plugins Status in OpenStack Identity (keystone): New Bug description: When a developer is implementing an Authentication plugin [1] they can only return None and setup the relevant information in the auth context or raise an Unauthorized exception. However, in some cases (like an OpenID Connect plugin) it is needed to perform a redirect to the provider to complete the flow. IIRC this was possible in the past (before moving to Flask) by raising an exception with the proper HTTP code set, but with the current implementation this is impossible. [1]: https://docs.openstack.org/keystone/latest/contributor/auth- plugins.html To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1854041/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
