OpenStack Identity (keystone)

Enhancement of OAuth2.0 Interoperability

Registered by Hiromu Asahina on 2022-04-07

The current OAuth2.0 in keystonemiddlware only supports Keystone as an authorization server. In order to improve the interoperability of OAuth2.0 in Keystone, it is necessary to support using an external authorization server. This blueprint proposes to improve the versatility of OAuth2.0 in the Keystone by removing dependency on Keystone from keystonemiddleware.

Blueprint information

Status:: Not started

Approver:: None

Priority:: Undefined

Drafter:: Hiromu Asahina

Direction:: Needs approval

Assignee:: None

Definition:: New

Series goal:: None

Implementation:: Unknown

Milestone target:: None

Related branches

Related bugs

Sprints

Whiteboard

[Client] --- API request + mTLS + OAuth2.0 ---> [keystonemiddleware] --- introspection ---> [External authorization server]

Gerrit topic: https://review.opendev.org/#/q/topic:bp/enhance-oauth2-interoperability

Addressed by: https://review.opendev.org/c/openstack/keystone-specs/+/861554
External OAuth2.0 Authorization Server Support

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

No subscribers.