)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"824af2db50acde4364b15a815829cd3b8b9ec835","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"1240befe_7bd99af0","updated":"2021-10-22 02:23:45.000000000","message":"Thank yor for your revsion.","commit_id":"a716ee64b236aa4504aa9ed17a65bd9f83ef9344"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"37b2fb72310c50ccbecbb58ad9dd3d76a4fdc2b7","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"9b225e2c_7b68e2ab","updated":"2021-10-21 03:22:35.000000000","message":"Thank you for the comments.\nI\u0027ll fix it in Patchset 6","commit_id":"a716ee64b236aa4504aa9ed17a65bd9f83ef9344"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"3b68fc68c7d00c73699c17a4c143f491105b6501","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"10aaa1a9_8c091018","updated":"2021-11-02 14:03:54.000000000","message":"Thank you for proposing this, and thank you for your patience while I got to reviewing this.\n\nI think the general direction makes a lot of sense and I really want to see keystone support standards that are ubiquitous. Starting with OAuth 2.0 client_credentials and Token Introspection seems like a fantastic first step.\n\nHowever, I have serious concerns with adding a new token type and I\u0027d like a clarification with how users authenticate and how that authentication is used by the service.\n\nAlso, ideally, in the future I\u0027d like to see Keystone support more of OIDC/Auth 2.0, and I\u0027d like to think of how that would extend this is a way that doesn\u0027t create conflicting requirements/specifications.","commit_id":"0ba88c616250931861545c600dbcb72cf7936143"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"d265f1b5d3cbc49ab514e826de8f5374b1cfb38d","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":7,"id":"62f3d2fc_4ddd5a94","in_reply_to":"10aaa1a9_8c091018","updated":"2021-11-10 09:44:19.000000000","message":"Thank you for your comments.\n\nPlease kindly find my replies to each comment.\n\nAs for OIDC, I\u0027m not confident to be honest, but considering the situation where keystone behaves as OpenID Provider, I think we can reuse the functions (e.g., the token introspection, token issuing, etc) and DB tables.\nAt least, it is possible to add an Authorization Code Grant in addition to the Client Credentials Grant defined in this spec.","commit_id":"0ba88c616250931861545c600dbcb72cf7936143"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"79564f377b21d27101901a8df661755f0ad72afe","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":8,"id":"c78e5a69_255b6442","updated":"2021-11-18 15:59:42.000000000","message":"Let me know if you have any questions regards my comments.\n\nTo summarize: I\u0027m still not sure about the exact use case wrt delegation, but perhaps it might be best to use already existing application credentials mechanism, and create an API that allows clients to authentication using already existing application credentials. With that API conforming to the OAuth 2.0 client credentials grant.\n\nI feel strongly that this new API should just respond with normal keystone tokens. And we can introduce an API that takes keystone tokens (whatever they may be) and returns a response conforming to what OAuth 2.0 defines for that API.","commit_id":"c6bd4f232c0ca79c2313260aeb23a1d9f23ac83b"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"6607b647fa5f67131f5f28b87e67d00cc65525c5","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":8,"id":"c10e4da7_a191aca6","in_reply_to":"c78e5a69_255b6442","updated":"2021-11-30 14:49:21.000000000","message":"Thank you for your comment and my apologies for the late reply.\nI basically agree with you, but I\u0027d like to discuss this further.\nPlease see my comments.","commit_id":"c6bd4f232c0ca79c2313260aeb23a1d9f23ac83b"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"cc85d17d85d4ba834befe30013d7aaf59b6fed32","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":10,"id":"f3ad7df2_e5bd7a38","updated":"2022-01-06 06:55:25.000000000","message":"- Added a note that describes the Application Credentials is used as a backend of OAuth2.0 APIs and thus OAuth2.0 users must have permissions to access the Application Credentials APIs.\n- Omitted scope. We decided to give up implementing it in the Yoga release as it needs further discussion to integrate the OAuth2.0 scope format into the application credentials one.\n- Added DB table consisting of the values that are only available on OAuth2.0.\n\nAlso, please check that the current endpoint URLs are appropriate.\nIf you have a suggestion, please tell me. ","commit_id":"1b2884c8d9b595445fad8cd91c284bd1e0ffc0fa"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"3a9ade435605ca4f392578d0eceabdaf3916cca4","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"9554a928_4d219a84","updated":"2022-01-14 10:34:02.000000000","message":"According to the discussion in the IRC meeting [1], we\u0027ll remove client API.\n\nWe feel we have to discuss the necessity of the Token Introspection API.\nAs we use X-Auth-Token, we can obtain token metadata and the validation result of a token via an existing keystone API.\nThus, we can remove this API as well.\n\nCould you tell me your opinion?\n\n\n[1] https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-01-11-15.00.log.html","commit_id":"b503863d93460a3522c6c3318af192f88429286d"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"24e949f60a5768569c818123612ce6ff38a85131","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":12,"id":"c9d1563b_d8cb14c6","updated":"2022-01-25 15:01:39.000000000","message":"Thank you. ","commit_id":"da9aa04912f0042f2f306f2ebb103612394fe280"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"34e441bfa130d851f4345f32c4de1f28cbf95987","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":14,"id":"2da4bf78_b7da4c30","updated":"2022-02-24 05:41:47.000000000","message":"Gage Hugo\nThank you for your comments.","commit_id":"8145886d241a48e9dd418c4b56a3a200a0ffe736"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"9f261950d7c8a5b00b203bc4bf167828ae93e3dd","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":14,"id":"4a0b3d3a_dd9ba228","updated":"2022-01-28 05:25:40.000000000","message":"Thank you for the review.\n\nI fixed some inappropriate sentences in PS14.","commit_id":"8145886d241a48e9dd418c4b56a3a200a0ffe736"}],"specs/keystone/yoga/oauth2-client-credentials-ext.rst":[{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"d37c32fbe59695b9d479787393b47d40606efe6e","unresolved":true,"context_lines":[{"line_number":84,"context_line":"  seqdiag {"},{"line_number":85,"context_line":"    User; Client; \"Keystone Middleware\"; Keystone; \"OpenStack Service\";"},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"    User -\u003e \"Keystone\" [label \u003d \"POST /OS-OAUTH2/clients\"];"},{"line_number":88,"context_line":"    User \u003c-- Keystone"},{"line_number":89,"context_line":"    [label \u003d \"Response 201 Created\\n with Client credentials\"];"},{"line_number":90,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"34ccf4af_c6ee7301","line":87,"range":{"start_line":87,"start_character":38,"end_line":87,"end_character":56},"updated":"2021-10-20 09:23:54.000000000","message":"If the keystone oauth1 URL format is used as a reference, is the following format appropriate?\n/identity/v3/auth/OS-OAUTH2/clients","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"d265f1b5d3cbc49ab514e826de8f5374b1cfb38d","unresolved":false,"context_lines":[{"line_number":84,"context_line":"  seqdiag {"},{"line_number":85,"context_line":"    User; Client; \"Keystone Middleware\"; Keystone; \"OpenStack Service\";"},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"    User -\u003e \"Keystone\" [label \u003d \"POST /OS-OAUTH2/clients\"];"},{"line_number":88,"context_line":"    User \u003c-- Keystone"},{"line_number":89,"context_line":"    [label \u003d \"Response 201 Created\\n with Client credentials\"];"},{"line_number":90,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"b938240a_59fc093c","line":87,"range":{"start_line":87,"start_character":38,"end_line":87,"end_character":56},"in_reply_to":"34ccf4af_c6ee7301","updated":"2021-11-10 09:44:19.000000000","message":"Done","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"824af2db50acde4364b15a815829cd3b8b9ec835","unresolved":false,"context_lines":[{"line_number":84,"context_line":"  seqdiag {"},{"line_number":85,"context_line":"    User; Client; \"Keystone Middleware\"; Keystone; \"OpenStack Service\";"},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"    User -\u003e \"Keystone\" [label \u003d \"POST /OS-OAUTH2/clients\"];"},{"line_number":88,"context_line":"    User \u003c-- Keystone"},{"line_number":89,"context_line":"    [label \u003d \"Response 201 Created\\n with Client credentials\"];"},{"line_number":90,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"036b3199_78f42aa2","line":87,"range":{"start_line":87,"start_character":38,"end_line":87,"end_character":56},"in_reply_to":"34ccf4af_c6ee7301","updated":"2021-10-22 02:23:45.000000000","message":"I\u0027ve confirmed","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"d37c32fbe59695b9d479787393b47d40606efe6e","unresolved":true,"context_lines":[{"line_number":91,"context_line":"    User -\u003e \"Client\""},{"line_number":92,"context_line":"    [label \u003d \"set credentials\"];"},{"line_number":93,"context_line":"    Client -\u003e \"Keystone\""},{"line_number":94,"context_line":"    [label \u003d \"POST\\n /OS-OAUTH2/token\\n with credentials\"];"},{"line_number":95,"context_line":"    Client \u003c-- \"Keystone\""},{"line_number":96,"context_line":"    [label \u003d \"Response 201 Created\\n with Access Token\"];"},{"line_number":97,"context_line":"    Client -\u003e \"Keystone Middleware\""}],"source_content_type":"text/x-rst","patch_set":5,"id":"16d9dbcb_8c57e0c6","line":94,"range":{"start_line":94,"start_character":21,"end_line":94,"end_character":31},"updated":"2021-10-20 09:23:54.000000000","message":"ditto","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"d265f1b5d3cbc49ab514e826de8f5374b1cfb38d","unresolved":false,"context_lines":[{"line_number":91,"context_line":"    User -\u003e \"Client\""},{"line_number":92,"context_line":"    [label \u003d \"set credentials\"];"},{"line_number":93,"context_line":"    Client -\u003e \"Keystone\""},{"line_number":94,"context_line":"    [label \u003d \"POST\\n /OS-OAUTH2/token\\n with credentials\"];"},{"line_number":95,"context_line":"    Client \u003c-- \"Keystone\""},{"line_number":96,"context_line":"    [label \u003d \"Response 201 Created\\n with Access Token\"];"},{"line_number":97,"context_line":"    Client -\u003e \"Keystone Middleware\""}],"source_content_type":"text/x-rst","patch_set":5,"id":"eecc16fb_d6fc36bb","line":94,"range":{"start_line":94,"start_character":21,"end_line":94,"end_character":31},"in_reply_to":"16d9dbcb_8c57e0c6","updated":"2021-11-10 09:44:19.000000000","message":"Done","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"824af2db50acde4364b15a815829cd3b8b9ec835","unresolved":false,"context_lines":[{"line_number":91,"context_line":"    User -\u003e \"Client\""},{"line_number":92,"context_line":"    [label \u003d \"set credentials\"];"},{"line_number":93,"context_line":"    Client -\u003e \"Keystone\""},{"line_number":94,"context_line":"    [label \u003d \"POST\\n /OS-OAUTH2/token\\n with credentials\"];"},{"line_number":95,"context_line":"    Client \u003c-- \"Keystone\""},{"line_number":96,"context_line":"    [label \u003d \"Response 201 Created\\n with Access Token\"];"},{"line_number":97,"context_line":"    Client -\u003e \"Keystone Middleware\""}],"source_content_type":"text/x-rst","patch_set":5,"id":"c2c4dd5c_07bb4d35","line":94,"range":{"start_line":94,"start_character":21,"end_line":94,"end_character":31},"in_reply_to":"16d9dbcb_8c57e0c6","updated":"2021-10-22 02:23:45.000000000","message":"I\u0027ve confirmed","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"d37c32fbe59695b9d479787393b47d40606efe6e","unresolved":true,"context_lines":[{"line_number":93,"context_line":"    Client -\u003e \"Keystone\""},{"line_number":94,"context_line":"    [label \u003d \"POST\\n /OS-OAUTH2/token\\n with credentials\"];"},{"line_number":95,"context_line":"    Client \u003c-- \"Keystone\""},{"line_number":96,"context_line":"    [label \u003d \"Response 201 Created\\n with Access Token\"];"},{"line_number":97,"context_line":"    Client -\u003e \"Keystone Middleware\""},{"line_number":98,"context_line":"    [label \u003d \"request\\n OpenStack Service API\\n with Access Token\"];"},{"line_number":99,"context_line":"    \"Keystone Middleware\" -\u003e \"Keystone\""}],"source_content_type":"text/x-rst","patch_set":5,"id":"3375a64a_a8e4e4df","line":96,"range":{"start_line":96,"start_character":23,"end_line":96,"end_character":34},"updated":"2021-10-20 09:23:54.000000000","message":"Is the following appropriate? \n200 OK","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"d265f1b5d3cbc49ab514e826de8f5374b1cfb38d","unresolved":false,"context_lines":[{"line_number":93,"context_line":"    Client -\u003e \"Keystone\""},{"line_number":94,"context_line":"    [label \u003d \"POST\\n /OS-OAUTH2/token\\n with credentials\"];"},{"line_number":95,"context_line":"    Client \u003c-- \"Keystone\""},{"line_number":96,"context_line":"    [label \u003d \"Response 201 Created\\n with Access Token\"];"},{"line_number":97,"context_line":"    Client -\u003e \"Keystone Middleware\""},{"line_number":98,"context_line":"    [label \u003d \"request\\n OpenStack Service API\\n with Access Token\"];"},{"line_number":99,"context_line":"    \"Keystone Middleware\" -\u003e \"Keystone\""}],"source_content_type":"text/x-rst","patch_set":5,"id":"28548468_45630793","line":96,"range":{"start_line":96,"start_character":23,"end_line":96,"end_character":34},"in_reply_to":"3375a64a_a8e4e4df","updated":"2021-11-10 09:44:19.000000000","message":"Done","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"824af2db50acde4364b15a815829cd3b8b9ec835","unresolved":false,"context_lines":[{"line_number":93,"context_line":"    Client -\u003e \"Keystone\""},{"line_number":94,"context_line":"    [label \u003d \"POST\\n /OS-OAUTH2/token\\n with credentials\"];"},{"line_number":95,"context_line":"    Client \u003c-- \"Keystone\""},{"line_number":96,"context_line":"    [label \u003d \"Response 201 Created\\n with Access Token\"];"},{"line_number":97,"context_line":"    Client -\u003e \"Keystone Middleware\""},{"line_number":98,"context_line":"    [label \u003d \"request\\n OpenStack Service API\\n with Access Token\"];"},{"line_number":99,"context_line":"    \"Keystone Middleware\" -\u003e \"Keystone\""}],"source_content_type":"text/x-rst","patch_set":5,"id":"9d3d0c40_879d7d57","line":96,"range":{"start_line":96,"start_character":23,"end_line":96,"end_character":34},"in_reply_to":"3375a64a_a8e4e4df","updated":"2021-10-22 02:23:45.000000000","message":"I\u0027ve confirmed","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"d37c32fbe59695b9d479787393b47d40606efe6e","unresolved":true,"context_lines":[{"line_number":97,"context_line":"    Client -\u003e \"Keystone Middleware\""},{"line_number":98,"context_line":"    [label \u003d \"request\\n OpenStack Service API\\n with Access Token\"];"},{"line_number":99,"context_line":"    \"Keystone Middleware\" -\u003e \"Keystone\""},{"line_number":100,"context_line":"    [label \u003d \"POST\\n /OS-OAUTH2/introspect\\n with Access Token\"];"},{"line_number":101,"context_line":"    \"Keystone Middleware\" \u003c-- \"Keystone\""},{"line_number":102,"context_line":"    [label \u003d \"Response 200 Created\\n with Access Token metadata\"];"},{"line_number":103,"context_line":"    \"Keystone Middleware\" -\u003e \"OpenStack Service\""}],"source_content_type":"text/x-rst","patch_set":5,"id":"a327ee8e_9295efc3","line":100,"range":{"start_line":100,"start_character":21,"end_line":100,"end_character":31},"updated":"2021-10-20 09:23:54.000000000","message":"ditto","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"d265f1b5d3cbc49ab514e826de8f5374b1cfb38d","unresolved":false,"context_lines":[{"line_number":97,"context_line":"    Client -\u003e \"Keystone Middleware\""},{"line_number":98,"context_line":"    [label \u003d \"request\\n OpenStack Service API\\n with Access Token\"];"},{"line_number":99,"context_line":"    \"Keystone Middleware\" -\u003e \"Keystone\""},{"line_number":100,"context_line":"    [label \u003d \"POST\\n /OS-OAUTH2/introspect\\n with Access Token\"];"},{"line_number":101,"context_line":"    \"Keystone Middleware\" \u003c-- \"Keystone\""},{"line_number":102,"context_line":"    [label \u003d \"Response 200 Created\\n with Access Token metadata\"];"},{"line_number":103,"context_line":"    \"Keystone Middleware\" -\u003e \"OpenStack Service\""}],"source_content_type":"text/x-rst","patch_set":5,"id":"34b21e82_8c2900bf","line":100,"range":{"start_line":100,"start_character":21,"end_line":100,"end_character":31},"in_reply_to":"a327ee8e_9295efc3","updated":"2021-11-10 09:44:19.000000000","message":"Done","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"824af2db50acde4364b15a815829cd3b8b9ec835","unresolved":false,"context_lines":[{"line_number":97,"context_line":"    Client -\u003e \"Keystone Middleware\""},{"line_number":98,"context_line":"    [label \u003d \"request\\n OpenStack Service API\\n with Access Token\"];"},{"line_number":99,"context_line":"    \"Keystone Middleware\" -\u003e \"Keystone\""},{"line_number":100,"context_line":"    [label \u003d \"POST\\n /OS-OAUTH2/introspect\\n with Access Token\"];"},{"line_number":101,"context_line":"    \"Keystone Middleware\" \u003c-- \"Keystone\""},{"line_number":102,"context_line":"    [label \u003d \"Response 200 Created\\n with Access Token metadata\"];"},{"line_number":103,"context_line":"    \"Keystone Middleware\" -\u003e \"OpenStack Service\""}],"source_content_type":"text/x-rst","patch_set":5,"id":"9507d252_c0169ac9","line":100,"range":{"start_line":100,"start_character":21,"end_line":100,"end_character":31},"in_reply_to":"a327ee8e_9295efc3","updated":"2021-10-22 02:23:45.000000000","message":"I\u0027ve confirmed","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"d37c32fbe59695b9d479787393b47d40606efe6e","unresolved":true,"context_lines":[{"line_number":99,"context_line":"    \"Keystone Middleware\" -\u003e \"Keystone\""},{"line_number":100,"context_line":"    [label \u003d \"POST\\n /OS-OAUTH2/introspect\\n with Access Token\"];"},{"line_number":101,"context_line":"    \"Keystone Middleware\" \u003c-- \"Keystone\""},{"line_number":102,"context_line":"    [label \u003d \"Response 200 Created\\n with Access Token metadata\"];"},{"line_number":103,"context_line":"    \"Keystone Middleware\" -\u003e \"OpenStack Service\""},{"line_number":104,"context_line":"    [label \u003d \"forward API requst\\n with Access Token metadata\"];"},{"line_number":105,"context_line":"    \"Client\" \u003c-- \"OpenStack Service\""}],"source_content_type":"text/x-rst","patch_set":5,"id":"7320c7ed_83e5af33","line":102,"range":{"start_line":102,"start_character":27,"end_line":102,"end_character":34},"updated":"2021-10-20 09:23:54.000000000","message":"OK","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"d265f1b5d3cbc49ab514e826de8f5374b1cfb38d","unresolved":false,"context_lines":[{"line_number":99,"context_line":"    \"Keystone Middleware\" -\u003e \"Keystone\""},{"line_number":100,"context_line":"    [label \u003d \"POST\\n /OS-OAUTH2/introspect\\n with Access Token\"];"},{"line_number":101,"context_line":"    \"Keystone Middleware\" \u003c-- \"Keystone\""},{"line_number":102,"context_line":"    [label \u003d \"Response 200 Created\\n with Access Token metadata\"];"},{"line_number":103,"context_line":"    \"Keystone Middleware\" -\u003e \"OpenStack Service\""},{"line_number":104,"context_line":"    [label \u003d \"forward API requst\\n with Access Token metadata\"];"},{"line_number":105,"context_line":"    \"Client\" \u003c-- \"OpenStack Service\""}],"source_content_type":"text/x-rst","patch_set":5,"id":"b04c6624_550ea64e","line":102,"range":{"start_line":102,"start_character":27,"end_line":102,"end_character":34},"in_reply_to":"7320c7ed_83e5af33","updated":"2021-11-10 09:44:19.000000000","message":"Done","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"824af2db50acde4364b15a815829cd3b8b9ec835","unresolved":false,"context_lines":[{"line_number":99,"context_line":"    \"Keystone Middleware\" -\u003e \"Keystone\""},{"line_number":100,"context_line":"    [label \u003d \"POST\\n /OS-OAUTH2/introspect\\n with Access Token\"];"},{"line_number":101,"context_line":"    \"Keystone Middleware\" \u003c-- \"Keystone\""},{"line_number":102,"context_line":"    [label \u003d \"Response 200 Created\\n with Access Token metadata\"];"},{"line_number":103,"context_line":"    \"Keystone Middleware\" -\u003e \"OpenStack Service\""},{"line_number":104,"context_line":"    [label \u003d \"forward API requst\\n with Access Token metadata\"];"},{"line_number":105,"context_line":"    \"Client\" \u003c-- \"OpenStack Service\""}],"source_content_type":"text/x-rst","patch_set":5,"id":"eb61c46f_fac110b1","line":102,"range":{"start_line":102,"start_character":27,"end_line":102,"end_character":34},"in_reply_to":"7320c7ed_83e5af33","updated":"2021-10-22 02:23:45.000000000","message":"I\u0027ve confirmed","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"d37c32fbe59695b9d479787393b47d40606efe6e","unresolved":true,"context_lines":[{"line_number":130,"context_line":""},{"line_number":131,"context_line":"::"},{"line_number":132,"context_line":""},{"line_number":133,"context_line":"    POST /OS-OAUTH2/clients"},{"line_number":134,"context_line":""},{"line_number":135,"context_line":"Request:"},{"line_number":136,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"8d109d1e_df3f1f15","line":133,"range":{"start_line":133,"start_character":9,"end_line":133,"end_character":19},"updated":"2021-10-20 09:23:54.000000000","message":"ditto","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"d265f1b5d3cbc49ab514e826de8f5374b1cfb38d","unresolved":false,"context_lines":[{"line_number":130,"context_line":""},{"line_number":131,"context_line":"::"},{"line_number":132,"context_line":""},{"line_number":133,"context_line":"    POST /OS-OAUTH2/clients"},{"line_number":134,"context_line":""},{"line_number":135,"context_line":"Request:"},{"line_number":136,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"44d5d21d_5e624e58","line":133,"range":{"start_line":133,"start_character":9,"end_line":133,"end_character":19},"in_reply_to":"8d109d1e_df3f1f15","updated":"2021-11-10 09:44:19.000000000","message":"Done","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"824af2db50acde4364b15a815829cd3b8b9ec835","unresolved":false,"context_lines":[{"line_number":130,"context_line":""},{"line_number":131,"context_line":"::"},{"line_number":132,"context_line":""},{"line_number":133,"context_line":"    POST /OS-OAUTH2/clients"},{"line_number":134,"context_line":""},{"line_number":135,"context_line":"Request:"},{"line_number":136,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"545b0d1e_895db03c","line":133,"range":{"start_line":133,"start_character":9,"end_line":133,"end_character":19},"in_reply_to":"8d109d1e_df3f1f15","updated":"2021-10-22 02:23:45.000000000","message":"I\u0027ve confirmed","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"d37c32fbe59695b9d479787393b47d40606efe6e","unresolved":true,"context_lines":[{"line_number":162,"context_line":""},{"line_number":163,"context_line":"    {"},{"line_number":164,"context_line":"      \"client_id\": \"jFtpUlndpRGaAHuh9TsP3wtj\","},{"line_number":165,"context_line":"      \"client_secret\": \"e62bd4aa18c44ea28578005644ade3c7\","},{"line_number":166,"context_line":"      \"client_id_issued_at\": 1630459510,"},{"line_number":167,"context_line":"      \"expires_at\": 0,"},{"line_number":168,"context_line":"      \"client_name\": \"client\","}],"source_content_type":"text/x-rst","patch_set":5,"id":"3a0027a9_2a583aaa","line":165,"range":{"start_line":165,"start_character":24,"end_line":165,"end_character":56},"updated":"2021-10-20 09:23:54.000000000","message":"As the UUID format is inappropriate, could you please revise it as follows?\n JDJiJDA0JExiVzA3bm1EZk5QMHNZZnJlY1BWeS5PMjcwMGxYdTNsRmlmcTNpcUdkcm5WdVFzNXp4aGVT","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"d265f1b5d3cbc49ab514e826de8f5374b1cfb38d","unresolved":false,"context_lines":[{"line_number":162,"context_line":""},{"line_number":163,"context_line":"    {"},{"line_number":164,"context_line":"      \"client_id\": \"jFtpUlndpRGaAHuh9TsP3wtj\","},{"line_number":165,"context_line":"      \"client_secret\": \"e62bd4aa18c44ea28578005644ade3c7\","},{"line_number":166,"context_line":"      \"client_id_issued_at\": 1630459510,"},{"line_number":167,"context_line":"      \"expires_at\": 0,"},{"line_number":168,"context_line":"      \"client_name\": \"client\","}],"source_content_type":"text/x-rst","patch_set":5,"id":"fb2c5b88_2545c9e8","line":165,"range":{"start_line":165,"start_character":24,"end_line":165,"end_character":56},"in_reply_to":"3a0027a9_2a583aaa","updated":"2021-11-10 09:44:19.000000000","message":"Done","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"824af2db50acde4364b15a815829cd3b8b9ec835","unresolved":false,"context_lines":[{"line_number":162,"context_line":""},{"line_number":163,"context_line":"    {"},{"line_number":164,"context_line":"      \"client_id\": \"jFtpUlndpRGaAHuh9TsP3wtj\","},{"line_number":165,"context_line":"      \"client_secret\": \"e62bd4aa18c44ea28578005644ade3c7\","},{"line_number":166,"context_line":"      \"client_id_issued_at\": 1630459510,"},{"line_number":167,"context_line":"      \"expires_at\": 0,"},{"line_number":168,"context_line":"      \"client_name\": \"client\","}],"source_content_type":"text/x-rst","patch_set":5,"id":"3c78f25f_fe071fc1","line":165,"range":{"start_line":165,"start_character":24,"end_line":165,"end_character":56},"in_reply_to":"3a0027a9_2a583aaa","updated":"2021-10-22 02:23:45.000000000","message":"I\u0027ve confirmed","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"d37c32fbe59695b9d479787393b47d40606efe6e","unresolved":true,"context_lines":[{"line_number":178,"context_line":""},{"line_number":179,"context_line":"::"},{"line_number":180,"context_line":""},{"line_number":181,"context_line":"    GET /OS-OAUTH2/clients"},{"line_number":182,"context_line":""},{"line_number":183,"context_line":"Response:"},{"line_number":184,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"406fe56f_58348ca8","line":181,"range":{"start_line":181,"start_character":8,"end_line":181,"end_character":18},"updated":"2021-10-20 09:23:54.000000000","message":"ditto","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"d265f1b5d3cbc49ab514e826de8f5374b1cfb38d","unresolved":false,"context_lines":[{"line_number":178,"context_line":""},{"line_number":179,"context_line":"::"},{"line_number":180,"context_line":""},{"line_number":181,"context_line":"    GET /OS-OAUTH2/clients"},{"line_number":182,"context_line":""},{"line_number":183,"context_line":"Response:"},{"line_number":184,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"da83d042_74dcba4d","line":181,"range":{"start_line":181,"start_character":8,"end_line":181,"end_character":18},"in_reply_to":"406fe56f_58348ca8","updated":"2021-11-10 09:44:19.000000000","message":"Done","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"824af2db50acde4364b15a815829cd3b8b9ec835","unresolved":false,"context_lines":[{"line_number":178,"context_line":""},{"line_number":179,"context_line":"::"},{"line_number":180,"context_line":""},{"line_number":181,"context_line":"    GET /OS-OAUTH2/clients"},{"line_number":182,"context_line":""},{"line_number":183,"context_line":"Response:"},{"line_number":184,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"fdfa7e7b_3b278d03","line":181,"range":{"start_line":181,"start_character":8,"end_line":181,"end_character":18},"in_reply_to":"406fe56f_58348ca8","updated":"2021-10-22 02:23:45.000000000","message":"I\u0027ve confirmed","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"d37c32fbe59695b9d479787393b47d40606efe6e","unresolved":true,"context_lines":[{"line_number":233,"context_line":""},{"line_number":234,"context_line":"::"},{"line_number":235,"context_line":""},{"line_number":236,"context_line":"    GET /OS-OAUTH2/clients/{client_id}"},{"line_number":237,"context_line":""},{"line_number":238,"context_line":""},{"line_number":239,"context_line":"Response:"}],"source_content_type":"text/x-rst","patch_set":5,"id":"ddadf2d4_23c7cf9b","line":236,"range":{"start_line":236,"start_character":8,"end_line":236,"end_character":18},"updated":"2021-10-20 09:23:54.000000000","message":"ditto","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"d265f1b5d3cbc49ab514e826de8f5374b1cfb38d","unresolved":false,"context_lines":[{"line_number":233,"context_line":""},{"line_number":234,"context_line":"::"},{"line_number":235,"context_line":""},{"line_number":236,"context_line":"    GET /OS-OAUTH2/clients/{client_id}"},{"line_number":237,"context_line":""},{"line_number":238,"context_line":""},{"line_number":239,"context_line":"Response:"}],"source_content_type":"text/x-rst","patch_set":5,"id":"740c3583_545e8f34","line":236,"range":{"start_line":236,"start_character":8,"end_line":236,"end_character":18},"in_reply_to":"ddadf2d4_23c7cf9b","updated":"2021-11-10 09:44:19.000000000","message":"Done","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"824af2db50acde4364b15a815829cd3b8b9ec835","unresolved":false,"context_lines":[{"line_number":233,"context_line":""},{"line_number":234,"context_line":"::"},{"line_number":235,"context_line":""},{"line_number":236,"context_line":"    GET /OS-OAUTH2/clients/{client_id}"},{"line_number":237,"context_line":""},{"line_number":238,"context_line":""},{"line_number":239,"context_line":"Response:"}],"source_content_type":"text/x-rst","patch_set":5,"id":"cd89a6a6_f1444ca2","line":236,"range":{"start_line":236,"start_character":8,"end_line":236,"end_character":18},"in_reply_to":"ddadf2d4_23c7cf9b","updated":"2021-10-22 02:23:45.000000000","message":"I\u0027ve confirmed","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"d37c32fbe59695b9d479787393b47d40606efe6e","unresolved":true,"context_lines":[{"line_number":263,"context_line":""},{"line_number":264,"context_line":"::"},{"line_number":265,"context_line":""},{"line_number":266,"context_line":"    DELETE /OS-OAUTH2/client/{client_id}"},{"line_number":267,"context_line":""},{"line_number":268,"context_line":".. note:: When a Client is deleted, corresponding Access Tokens will also be deleted."},{"line_number":269,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"2be2a59e_e9cd8aa5","line":266,"range":{"start_line":266,"start_character":11,"end_line":266,"end_character":21},"updated":"2021-10-20 09:23:54.000000000","message":"ditto","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"d265f1b5d3cbc49ab514e826de8f5374b1cfb38d","unresolved":false,"context_lines":[{"line_number":263,"context_line":""},{"line_number":264,"context_line":"::"},{"line_number":265,"context_line":""},{"line_number":266,"context_line":"    DELETE /OS-OAUTH2/client/{client_id}"},{"line_number":267,"context_line":""},{"line_number":268,"context_line":".. note:: When a Client is deleted, corresponding Access Tokens will also be deleted."},{"line_number":269,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"f6b24dad_27f02cda","line":266,"range":{"start_line":266,"start_character":11,"end_line":266,"end_character":21},"in_reply_to":"2be2a59e_e9cd8aa5","updated":"2021-11-10 09:44:19.000000000","message":"Done","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"824af2db50acde4364b15a815829cd3b8b9ec835","unresolved":false,"context_lines":[{"line_number":263,"context_line":""},{"line_number":264,"context_line":"::"},{"line_number":265,"context_line":""},{"line_number":266,"context_line":"    DELETE /OS-OAUTH2/client/{client_id}"},{"line_number":267,"context_line":""},{"line_number":268,"context_line":".. note:: When a Client is deleted, corresponding Access Tokens will also be deleted."},{"line_number":269,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"2ec5336a_5411d5e5","line":266,"range":{"start_line":266,"start_character":11,"end_line":266,"end_character":21},"in_reply_to":"2be2a59e_e9cd8aa5","updated":"2021-10-22 02:23:45.000000000","message":"I\u0027ve confirmed","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"d37c32fbe59695b9d479787393b47d40606efe6e","unresolved":true,"context_lines":[{"line_number":285,"context_line":""},{"line_number":286,"context_line":"::"},{"line_number":287,"context_line":""},{"line_number":288,"context_line":"    POST /OS-OAUTH2/token"},{"line_number":289,"context_line":""},{"line_number":290,"context_line":"Request:"},{"line_number":291,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"020d7bfb_601eae3e","line":288,"range":{"start_line":288,"start_character":9,"end_line":288,"end_character":19},"updated":"2021-10-20 09:23:54.000000000","message":"ditto","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"d265f1b5d3cbc49ab514e826de8f5374b1cfb38d","unresolved":false,"context_lines":[{"line_number":285,"context_line":""},{"line_number":286,"context_line":"::"},{"line_number":287,"context_line":""},{"line_number":288,"context_line":"    POST /OS-OAUTH2/token"},{"line_number":289,"context_line":""},{"line_number":290,"context_line":"Request:"},{"line_number":291,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"06eb028a_b3cd82eb","line":288,"range":{"start_line":288,"start_character":9,"end_line":288,"end_character":19},"in_reply_to":"020d7bfb_601eae3e","updated":"2021-11-10 09:44:19.000000000","message":"Done","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"824af2db50acde4364b15a815829cd3b8b9ec835","unresolved":false,"context_lines":[{"line_number":285,"context_line":""},{"line_number":286,"context_line":"::"},{"line_number":287,"context_line":""},{"line_number":288,"context_line":"    POST /OS-OAUTH2/token"},{"line_number":289,"context_line":""},{"line_number":290,"context_line":"Request:"},{"line_number":291,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"9738bdd3_fce8074c","line":288,"range":{"start_line":288,"start_character":9,"end_line":288,"end_character":19},"in_reply_to":"020d7bfb_601eae3e","updated":"2021-10-22 02:23:45.000000000","message":"I\u0027ve confirmed","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"d37c32fbe59695b9d479787393b47d40606efe6e","unresolved":true,"context_lines":[{"line_number":292,"context_line":"::"},{"line_number":293,"context_line":""},{"line_number":294,"context_line":"  Host: server.example.com"},{"line_number":295,"context_line":"  Authorization: Basic MTI2YjZlZTdkOTA2NDJmZjhhN2Q2ZmRlZmE2YzZhNGY6dGVzdHB3ZA\u003d\u003d"},{"line_number":296,"context_line":"  Content-Type: application/x-www-form-urlencoded"},{"line_number":297,"context_line":""},{"line_number":298,"context_line":"  grant_type\u003dclient_credentials"}],"source_content_type":"text/x-rst","patch_set":5,"id":"d8c161ef_5fc3c4cd","line":295,"range":{"start_line":295,"start_character":23,"end_line":295,"end_character":79},"updated":"2021-10-20 09:23:54.000000000","message":"The result of encoding using client_id and client_secret above is as follows, so please correct them.\n　NzkxZDVlZDI2MjAxNDE4NWI4NTRlZjJhZGUwZGM0NWE6SkRKaUpEQTBKRXhpVnpBM2JtMUVaazVRTUhOWlpuSmxZMUJXZVM1UE1qY3dNR3hZZFROc1JtbG1jVE5wY1Vka2NtNVdkVkZ6TlhwNGFHVlQ\u003d","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"d265f1b5d3cbc49ab514e826de8f5374b1cfb38d","unresolved":false,"context_lines":[{"line_number":292,"context_line":"::"},{"line_number":293,"context_line":""},{"line_number":294,"context_line":"  Host: server.example.com"},{"line_number":295,"context_line":"  Authorization: Basic MTI2YjZlZTdkOTA2NDJmZjhhN2Q2ZmRlZmE2YzZhNGY6dGVzdHB3ZA\u003d\u003d"},{"line_number":296,"context_line":"  Content-Type: application/x-www-form-urlencoded"},{"line_number":297,"context_line":""},{"line_number":298,"context_line":"  grant_type\u003dclient_credentials"}],"source_content_type":"text/x-rst","patch_set":5,"id":"4915c2e8_e78d84a3","line":295,"range":{"start_line":295,"start_character":23,"end_line":295,"end_character":79},"in_reply_to":"d8c161ef_5fc3c4cd","updated":"2021-11-10 09:44:19.000000000","message":"Done","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"824af2db50acde4364b15a815829cd3b8b9ec835","unresolved":false,"context_lines":[{"line_number":292,"context_line":"::"},{"line_number":293,"context_line":""},{"line_number":294,"context_line":"  Host: server.example.com"},{"line_number":295,"context_line":"  Authorization: Basic MTI2YjZlZTdkOTA2NDJmZjhhN2Q2ZmRlZmE2YzZhNGY6dGVzdHB3ZA\u003d\u003d"},{"line_number":296,"context_line":"  Content-Type: application/x-www-form-urlencoded"},{"line_number":297,"context_line":""},{"line_number":298,"context_line":"  grant_type\u003dclient_credentials"}],"source_content_type":"text/x-rst","patch_set":5,"id":"88c9af40_b1dca51c","line":295,"range":{"start_line":295,"start_character":23,"end_line":295,"end_character":79},"in_reply_to":"d8c161ef_5fc3c4cd","updated":"2021-10-22 02:23:45.000000000","message":"I\u0027ve confirmed","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"d37c32fbe59695b9d479787393b47d40606efe6e","unresolved":true,"context_lines":[{"line_number":307,"context_line":"  Pragma: no-cache"},{"line_number":308,"context_line":""},{"line_number":309,"context_line":"  {"},{"line_number":310,"context_line":"    \"access_token\": \"V5AHQhNpMG5fSk6VKIi0LlcPbzuU1iWEsLfsVanWoA\","},{"line_number":311,"context_line":"    \"token_type\": \"Bearer\","},{"line_number":312,"context_line":"    \"expires_in\": 3600"},{"line_number":313,"context_line":"  }"}],"source_content_type":"text/x-rst","patch_set":5,"id":"fedcf7ba_9799daaa","line":310,"range":{"start_line":310,"start_character":21,"end_line":310,"end_character":63},"updated":"2021-10-20 09:23:54.000000000","message":"According to the following definitions in Line 504,\n access_token_oauth2:\n `id`uuuid\nit may be appropriate to say \"f69c9fb6947c47329b8955d629ac5722\" in UUID format.\n(This may be implementation-dependent)","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"d265f1b5d3cbc49ab514e826de8f5374b1cfb38d","unresolved":false,"context_lines":[{"line_number":307,"context_line":"  Pragma: no-cache"},{"line_number":308,"context_line":""},{"line_number":309,"context_line":"  {"},{"line_number":310,"context_line":"    \"access_token\": \"V5AHQhNpMG5fSk6VKIi0LlcPbzuU1iWEsLfsVanWoA\","},{"line_number":311,"context_line":"    \"token_type\": \"Bearer\","},{"line_number":312,"context_line":"    \"expires_in\": 3600"},{"line_number":313,"context_line":"  }"}],"source_content_type":"text/x-rst","patch_set":5,"id":"e3c0248d_563ef948","line":310,"range":{"start_line":310,"start_character":21,"end_line":310,"end_character":63},"in_reply_to":"fedcf7ba_9799daaa","updated":"2021-11-10 09:44:19.000000000","message":"Done","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"824af2db50acde4364b15a815829cd3b8b9ec835","unresolved":false,"context_lines":[{"line_number":307,"context_line":"  Pragma: no-cache"},{"line_number":308,"context_line":""},{"line_number":309,"context_line":"  {"},{"line_number":310,"context_line":"    \"access_token\": \"V5AHQhNpMG5fSk6VKIi0LlcPbzuU1iWEsLfsVanWoA\","},{"line_number":311,"context_line":"    \"token_type\": \"Bearer\","},{"line_number":312,"context_line":"    \"expires_in\": 3600"},{"line_number":313,"context_line":"  }"}],"source_content_type":"text/x-rst","patch_set":5,"id":"5ed4c2c1_84708cc7","line":310,"range":{"start_line":310,"start_character":21,"end_line":310,"end_character":63},"in_reply_to":"fedcf7ba_9799daaa","updated":"2021-10-22 02:23:45.000000000","message":"I\u0027ve confirmed","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"d37c32fbe59695b9d479787393b47d40606efe6e","unresolved":true,"context_lines":[{"line_number":318,"context_line":""},{"line_number":319,"context_line":"  HTTP/1.1 401 Unauthorized"},{"line_number":320,"context_line":"  Content-Type: application/json"},{"line_number":321,"context_line":"  WWW-Authenticate: Keystone uri\u003d\"http://keysone.identity.host/identity/v3/clients\""},{"line_number":322,"context_line":"  Cache-Control: no-store"},{"line_number":323,"context_line":"  Pragma: no-cache"},{"line_number":324,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"1020338a_74d10000","line":321,"range":{"start_line":321,"start_character":63,"end_line":321,"end_character":74},"updated":"2021-10-20 09:23:54.000000000","message":"ditto","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"d265f1b5d3cbc49ab514e826de8f5374b1cfb38d","unresolved":false,"context_lines":[{"line_number":318,"context_line":""},{"line_number":319,"context_line":"  HTTP/1.1 401 Unauthorized"},{"line_number":320,"context_line":"  Content-Type: application/json"},{"line_number":321,"context_line":"  WWW-Authenticate: Keystone uri\u003d\"http://keysone.identity.host/identity/v3/clients\""},{"line_number":322,"context_line":"  Cache-Control: no-store"},{"line_number":323,"context_line":"  Pragma: no-cache"},{"line_number":324,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"a02acf8b_235a4325","line":321,"range":{"start_line":321,"start_character":63,"end_line":321,"end_character":74},"in_reply_to":"1020338a_74d10000","updated":"2021-11-10 09:44:19.000000000","message":"Done","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"824af2db50acde4364b15a815829cd3b8b9ec835","unresolved":false,"context_lines":[{"line_number":318,"context_line":""},{"line_number":319,"context_line":"  HTTP/1.1 401 Unauthorized"},{"line_number":320,"context_line":"  Content-Type: application/json"},{"line_number":321,"context_line":"  WWW-Authenticate: Keystone uri\u003d\"http://keysone.identity.host/identity/v3/clients\""},{"line_number":322,"context_line":"  Cache-Control: no-store"},{"line_number":323,"context_line":"  Pragma: no-cache"},{"line_number":324,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"43c9c051_12507ebf","line":321,"range":{"start_line":321,"start_character":63,"end_line":321,"end_character":74},"in_reply_to":"1020338a_74d10000","updated":"2021-10-22 02:23:45.000000000","message":"I\u0027ve confirmed","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"d37c32fbe59695b9d479787393b47d40606efe6e","unresolved":true,"context_lines":[{"line_number":347,"context_line":"::"},{"line_number":348,"context_line":""},{"line_number":349,"context_line":"  Host: server.example.com"},{"line_number":350,"context_line":"  Authorization: Basic akZ0cFVsbmRwUkdhQUh1aDlUc1Azd3RqOkttbUViOE9ZNzV4RWZWR1o2bEVCRmNYUlRmMFE2RmFqbTJwWkp3emk0Y3V5UDJZRQ\u003d\u003d"},{"line_number":351,"context_line":"  Content-Type: application/x-www-form-urlencoded"},{"line_number":352,"context_line":""},{"line_number":353,"context_line":"  token\u003dV5AHQhNpMG5fSk6VKIi0LlcPbzuU1iWEsLfsVanWoA\u0026token_type_hint\u003daccess_token"}],"source_content_type":"text/x-rst","patch_set":5,"id":"ef3de663_ffc15e5a","line":350,"range":{"start_line":350,"start_character":23,"end_line":350,"end_character":123},"updated":"2021-10-20 09:23:54.000000000","message":"The result of encoding using the information of Line 606-608, user_domain_name \u003d Default, password \u003d devstack, and username \u003d service, is as follows, so please correct them.\nc2VydmljZUBEZWZhdWx0OmRldnN0YWNr","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"d265f1b5d3cbc49ab514e826de8f5374b1cfb38d","unresolved":false,"context_lines":[{"line_number":347,"context_line":"::"},{"line_number":348,"context_line":""},{"line_number":349,"context_line":"  Host: server.example.com"},{"line_number":350,"context_line":"  Authorization: Basic akZ0cFVsbmRwUkdhQUh1aDlUc1Azd3RqOkttbUViOE9ZNzV4RWZWR1o2bEVCRmNYUlRmMFE2RmFqbTJwWkp3emk0Y3V5UDJZRQ\u003d\u003d"},{"line_number":351,"context_line":"  Content-Type: application/x-www-form-urlencoded"},{"line_number":352,"context_line":""},{"line_number":353,"context_line":"  token\u003dV5AHQhNpMG5fSk6VKIi0LlcPbzuU1iWEsLfsVanWoA\u0026token_type_hint\u003daccess_token"}],"source_content_type":"text/x-rst","patch_set":5,"id":"1abc4ea6_699273d2","line":350,"range":{"start_line":350,"start_character":23,"end_line":350,"end_character":123},"in_reply_to":"ef3de663_ffc15e5a","updated":"2021-11-10 09:44:19.000000000","message":"Done","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"824af2db50acde4364b15a815829cd3b8b9ec835","unresolved":false,"context_lines":[{"line_number":347,"context_line":"::"},{"line_number":348,"context_line":""},{"line_number":349,"context_line":"  Host: server.example.com"},{"line_number":350,"context_line":"  Authorization: Basic akZ0cFVsbmRwUkdhQUh1aDlUc1Azd3RqOkttbUViOE9ZNzV4RWZWR1o2bEVCRmNYUlRmMFE2RmFqbTJwWkp3emk0Y3V5UDJZRQ\u003d\u003d"},{"line_number":351,"context_line":"  Content-Type: application/x-www-form-urlencoded"},{"line_number":352,"context_line":""},{"line_number":353,"context_line":"  token\u003dV5AHQhNpMG5fSk6VKIi0LlcPbzuU1iWEsLfsVanWoA\u0026token_type_hint\u003daccess_token"}],"source_content_type":"text/x-rst","patch_set":5,"id":"4d29a647_1ab3156f","line":350,"range":{"start_line":350,"start_character":23,"end_line":350,"end_character":123},"in_reply_to":"ef3de663_ffc15e5a","updated":"2021-10-22 02:23:45.000000000","message":"I\u0027ve confirmed","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"d37c32fbe59695b9d479787393b47d40606efe6e","unresolved":true,"context_lines":[{"line_number":436,"context_line":""},{"line_number":437,"context_line":"  HTTP/1.1 401 Unauthorized"},{"line_number":438,"context_line":"  Content-Type: application/json"},{"line_number":439,"context_line":"  WWW-Authenticate: Keystone uri\u003d\"http://keysone.identity.host/identity/v3/clients\""},{"line_number":440,"context_line":"  Cache-Control: no-store"},{"line_number":441,"context_line":"  Pragma: no-cache"},{"line_number":442,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"24bcce0f_3e8cd5b3","line":439,"range":{"start_line":439,"start_character":63,"end_line":439,"end_character":74},"updated":"2021-10-20 09:23:54.000000000","message":"ditto","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"d265f1b5d3cbc49ab514e826de8f5374b1cfb38d","unresolved":false,"context_lines":[{"line_number":436,"context_line":""},{"line_number":437,"context_line":"  HTTP/1.1 401 Unauthorized"},{"line_number":438,"context_line":"  Content-Type: application/json"},{"line_number":439,"context_line":"  WWW-Authenticate: Keystone uri\u003d\"http://keysone.identity.host/identity/v3/clients\""},{"line_number":440,"context_line":"  Cache-Control: no-store"},{"line_number":441,"context_line":"  Pragma: no-cache"},{"line_number":442,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"457de26e_e2a47fa1","line":439,"range":{"start_line":439,"start_character":63,"end_line":439,"end_character":74},"in_reply_to":"24bcce0f_3e8cd5b3","updated":"2021-11-10 09:44:19.000000000","message":"Done","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"824af2db50acde4364b15a815829cd3b8b9ec835","unresolved":false,"context_lines":[{"line_number":436,"context_line":""},{"line_number":437,"context_line":"  HTTP/1.1 401 Unauthorized"},{"line_number":438,"context_line":"  Content-Type: application/json"},{"line_number":439,"context_line":"  WWW-Authenticate: Keystone uri\u003d\"http://keysone.identity.host/identity/v3/clients\""},{"line_number":440,"context_line":"  Cache-Control: no-store"},{"line_number":441,"context_line":"  Pragma: no-cache"},{"line_number":442,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"6461376a_b62c97d6","line":439,"range":{"start_line":439,"start_character":63,"end_line":439,"end_character":74},"in_reply_to":"24bcce0f_3e8cd5b3","updated":"2021-10-22 02:23:45.000000000","message":"I\u0027ve confirmed","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"d37c32fbe59695b9d479787393b47d40606efe6e","unresolved":true,"context_lines":[{"line_number":461,"context_line":""},{"line_number":462,"context_line":"   GET /resource HTTP/1.1"},{"line_number":463,"context_line":"   Host: server.example.com"},{"line_number":464,"context_line":"   Authorization: Bearer V5AHQhNpMG5fSk6VKIi0LlcPbzuU1iWEsLfsVanWoA"},{"line_number":465,"context_line":""},{"line_number":466,"context_line":"The Keystone Middleware updates request headers with the metadata only if a"},{"line_number":467,"context_line":"token is valid. If a token is invalid or an error response is returned, it"}],"source_content_type":"text/x-rst","patch_set":5,"id":"8deced24_ad403df4","line":464,"range":{"start_line":464,"start_character":25,"end_line":464,"end_character":67},"updated":"2021-10-20 09:23:54.000000000","message":"ditto","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"d265f1b5d3cbc49ab514e826de8f5374b1cfb38d","unresolved":false,"context_lines":[{"line_number":461,"context_line":""},{"line_number":462,"context_line":"   GET /resource HTTP/1.1"},{"line_number":463,"context_line":"   Host: server.example.com"},{"line_number":464,"context_line":"   Authorization: Bearer V5AHQhNpMG5fSk6VKIi0LlcPbzuU1iWEsLfsVanWoA"},{"line_number":465,"context_line":""},{"line_number":466,"context_line":"The Keystone Middleware updates request headers with the metadata only if a"},{"line_number":467,"context_line":"token is valid. If a token is invalid or an error response is returned, it"}],"source_content_type":"text/x-rst","patch_set":5,"id":"e2b421f9_6652b05d","line":464,"range":{"start_line":464,"start_character":25,"end_line":464,"end_character":67},"in_reply_to":"8deced24_ad403df4","updated":"2021-11-10 09:44:19.000000000","message":"Done","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"824af2db50acde4364b15a815829cd3b8b9ec835","unresolved":false,"context_lines":[{"line_number":461,"context_line":""},{"line_number":462,"context_line":"   GET /resource HTTP/1.1"},{"line_number":463,"context_line":"   Host: server.example.com"},{"line_number":464,"context_line":"   Authorization: Bearer V5AHQhNpMG5fSk6VKIi0LlcPbzuU1iWEsLfsVanWoA"},{"line_number":465,"context_line":""},{"line_number":466,"context_line":"The Keystone Middleware updates request headers with the metadata only if a"},{"line_number":467,"context_line":"token is valid. If a token is invalid or an error response is returned, it"}],"source_content_type":"text/x-rst","patch_set":5,"id":"6835bc95_4af708f4","line":464,"range":{"start_line":464,"start_character":25,"end_line":464,"end_character":67},"in_reply_to":"8deced24_ad403df4","updated":"2021-10-22 02:23:45.000000000","message":"I\u0027ve confirmed","commit_id":"f285b78e4dbd6a608f72075c7a85e17c0c1471b7"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"8fcaf0df1d12f8d38e1f1d4d6bd63f5de1030022","unresolved":true,"context_lines":[{"line_number":263,"context_line":""},{"line_number":264,"context_line":"::"},{"line_number":265,"context_line":""},{"line_number":266,"context_line":"    DELETE /identity/v3/auth/OS-OAUTH2/client/{client_id}"},{"line_number":267,"context_line":""},{"line_number":268,"context_line":".. note:: When a Client is deleted, corresponding Access Tokens will also be deleted."},{"line_number":269,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"94e75d33_8b9fbd33","line":266,"range":{"start_line":266,"start_character":39,"end_line":266,"end_character":45},"updated":"2021-10-22 01:56:48.000000000","message":"In other URLs, they are all \"clients\", so is it better to unify them?","commit_id":"a716ee64b236aa4504aa9ed17a65bd9f83ef9344"},{"author":{"_account_id":32604,"name":"Keiichiro Yamakawa","email":"yamakawa.keiich@fujitsu.com"},"change_message_id":"3f270e33613b5b46e10df6e3f71c729bf70f57e1","unresolved":false,"context_lines":[{"line_number":263,"context_line":""},{"line_number":264,"context_line":"::"},{"line_number":265,"context_line":""},{"line_number":266,"context_line":"    DELETE /identity/v3/auth/OS-OAUTH2/client/{client_id}"},{"line_number":267,"context_line":""},{"line_number":268,"context_line":".. note:: When a Client is deleted, corresponding Access Tokens will also be deleted."},{"line_number":269,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"8579887b_51b619f4","line":266,"range":{"start_line":266,"start_character":39,"end_line":266,"end_character":45},"in_reply_to":"94e75d33_8b9fbd33","updated":"2021-10-28 01:44:29.000000000","message":"I\u0027ve confirmed.","commit_id":"a716ee64b236aa4504aa9ed17a65bd9f83ef9344"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"3b68fc68c7d00c73699c17a4c143f491105b6501","unresolved":true,"context_lines":[{"line_number":65,"context_line":"Terminology"},{"line_number":66,"context_line":"-----------"},{"line_number":67,"context_line":""},{"line_number":68,"context_line":"- *User:* An Identity API service user, the entity whose role(s) will be"},{"line_number":69,"context_line":"  delegated, and the entity that registers Clients."},{"line_number":70,"context_line":""},{"line_number":71,"context_line":"- *Client:* An application making protected resource requests on behalf of the"}],"source_content_type":"text/x-rst","patch_set":7,"id":"1cf7b549_7c29fc10","line":68,"range":{"start_line":68,"start_character":10,"end_line":68,"end_character":38},"updated":"2021-11-02 14:03:54.000000000","message":"By service user, do you mean the end-user of a service, or do you mean the service account associated with a service? If the latter, this is something that keystone doesn\u0027t know how to define. Service user is just a user that has the role that is configured in keystonemiddleware as the service role, not something that keystone specifies.","commit_id":"0ba88c616250931861545c600dbcb72cf7936143"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"d265f1b5d3cbc49ab514e826de8f5374b1cfb38d","unresolved":true,"context_lines":[{"line_number":65,"context_line":"Terminology"},{"line_number":66,"context_line":"-----------"},{"line_number":67,"context_line":""},{"line_number":68,"context_line":"- *User:* An Identity API service user, the entity whose role(s) will be"},{"line_number":69,"context_line":"  delegated, and the entity that registers Clients."},{"line_number":70,"context_line":""},{"line_number":71,"context_line":"- *Client:* An application making protected resource requests on behalf of the"}],"source_content_type":"text/x-rst","patch_set":7,"id":"4ae6bd85_955b1610","line":68,"range":{"start_line":68,"start_character":10,"end_line":68,"end_character":38},"in_reply_to":"1cf7b549_7c29fc10","updated":"2021-11-10 09:44:19.000000000","message":"I\u0027m sorry for the confusion. \nI\u0027ll replace \"An Identity API service user,\" with \"The end-users who use Identity API service\".\n\nLet me make sure I\u0027m clear on this. \nI assume the use case where an OpenStack user, which is something we can create with `openstack user create` such as `admin`, creates an OAuth2.0 client with `Create Client API`.\nI suppose it\u0027s not necessary to consider the service account in this case. Am I right?","commit_id":"0ba88c616250931861545c600dbcb72cf7936143"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"79564f377b21d27101901a8df661755f0ad72afe","unresolved":true,"context_lines":[{"line_number":65,"context_line":"Terminology"},{"line_number":66,"context_line":"-----------"},{"line_number":67,"context_line":""},{"line_number":68,"context_line":"- *User:* An Identity API service user, the entity whose role(s) will be"},{"line_number":69,"context_line":"  delegated, and the entity that registers Clients."},{"line_number":70,"context_line":""},{"line_number":71,"context_line":"- *Client:* An application making protected resource requests on behalf of the"}],"source_content_type":"text/x-rst","patch_set":7,"id":"ad9c7896_751f0f5a","line":68,"range":{"start_line":68,"start_character":10,"end_line":68,"end_character":38},"in_reply_to":"4ae6bd85_955b1610","updated":"2021-11-18 15:59:42.000000000","message":"Let me further elaborate on my confusion.\n\nIf the consumer for this authentication type is end-users, this seems to be exactly the use case for application credentials. [0]\n\nApplication credentials allow an end-user to delegate a subset of roles (or access to a subset of APIs) to an application that they control.\n\nCurrently, you are unable to use application credentials as they are to fulfill your use case, because the NFV specification requires that the mechanism for authenticating users conforms to OAuth 2.0 Client Credentials grant.\n\nReading through the OAuth 2.0 Client Credentials grant [1], however, I see that the intended consumer for that grant type is confidential clients to access resources they themself own, and not to authenticate on behalf of end users. OAuth.net also mentions that this grant type is to be used outside the context of a user. [2]\n\nThe mechanisms that the OAuth 2.0 specification designs for acting on behalf of a user are resource owner password credentials, authorization code, and implicit.\n\nPlease tell me more about how Tacker will make use of this, as I\u0027m not familiar with its API. Does the Tacker API have its own user and use that to make requests to other services? Or does it use the credentials of the users that make requests to the Tacker API?\n\n0. https://docs.openstack.org/keystone/latest/user/application_credentials.html\n1. https://datatracker.ietf.org/doc/html/rfc6749#section-4.4\n2. https://oauth.net/2/grant-types/client-credentials/","commit_id":"0ba88c616250931861545c600dbcb72cf7936143"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"6607b647fa5f67131f5f28b87e67d00cc65525c5","unresolved":true,"context_lines":[{"line_number":65,"context_line":"Terminology"},{"line_number":66,"context_line":"-----------"},{"line_number":67,"context_line":""},{"line_number":68,"context_line":"- *User:* An Identity API service user, the entity whose role(s) will be"},{"line_number":69,"context_line":"  delegated, and the entity that registers Clients."},{"line_number":70,"context_line":""},{"line_number":71,"context_line":"- *Client:* An application making protected resource requests on behalf of the"}],"source_content_type":"text/x-rst","patch_set":7,"id":"d1866454_c363bf6e","line":68,"range":{"start_line":68,"start_character":10,"end_line":68,"end_character":38},"in_reply_to":"ad9c7896_751f0f5a","updated":"2021-11-30 14:49:21.000000000","message":"\u003e Reading through the OAuth 2.0 Client Credentials grant [1], however, I see that the intended consumer for that grant type is confidential clients to access resources they themself own, and not to authenticate on behalf of end users. OAuth.net also mentions that this grant type is to be used outside the context of a user. [2]\n\nMaybe you\u0027re right.\nHowever, the `application credentials` is also a feature that allows a client to behave on behalf of end-users.\nWhich should we think a correct way, a client must not access any other users\u0027 resources or a client can access resources of a user who created the client itself.\nCould you please tell me your opinion?\n\nBy the way, the OAuth 2.0 Client Credentials grant [1] also says that `Client credentials are used when the client is requesting access to protected resources based on an authorization previously arranged with the authorization server`.\nI understand it doesn\u0027t mean a client can perform on behalf of users, but we can interpret this sentence as making a client with limited permission doesn\u0027t violate OAuth2.0 Client Credentials even if its permission is basically delegated by a user.\n\n\u003e Please tell me more about how Tacker will make use of this, as I\u0027m not familiar with its API. Does the Tacker API have its own user and use that to make requests to other services? Or does it use the credentials of the users that make requests to the Tacker API?\n\nI think the former is correct. \nTacker uses its own account to make requests to other services and not reuse the user\u0027s credential to make requests [1,2].\n\n[1] https://docs.openstack.org/tacker/latest/configuration/sample_config.html\n[2] https://github.com/openstack/tacker/blob/master/tacker/context.py#L217-L224","commit_id":"0ba88c616250931861545c600dbcb72cf7936143"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"3b68fc68c7d00c73699c17a4c143f491105b6501","unresolved":true,"context_lines":[{"line_number":72,"context_line":"  User and with its authorization."},{"line_number":73,"context_line":""},{"line_number":74,"context_line":"- *Access Token:* A token used by the Client to make protected resource"},{"line_number":75,"context_line":"  requests on behalf of the authorizing User, instead of using the User’s"},{"line_number":76,"context_line":"  credentials. Must be strings of UUID, a.k.a reference tokens, that"},{"line_number":77,"context_line":"  corresponds to the primary key in access_token_oauth2 table."},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"OAuth2.0 Client Credentials Grant Flow"}],"source_content_type":"text/x-rst","patch_set":7,"id":"6dbf907b_86217950","line":76,"range":{"start_line":75,"start_character":11,"end_line":76,"end_character":13},"updated":"2021-11-02 14:03:54.000000000","message":"Can you please elaborate more on this? I don\u0027t think I\u0027m comfortable with introducing a new token type that is a uuid and allows services to impersonate users. Also, OAuth 2.0 allows for any type of token, any reason to not use fernet or JWT tokens which we already have support for? Also, how would this work with multi-factor authentication, application credentials, trusts, federation (oidc, saml) and other methods of authentication.","commit_id":"0ba88c616250931861545c600dbcb72cf7936143"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"79564f377b21d27101901a8df661755f0ad72afe","unresolved":true,"context_lines":[{"line_number":72,"context_line":"  User and with its authorization."},{"line_number":73,"context_line":""},{"line_number":74,"context_line":"- *Access Token:* A token used by the Client to make protected resource"},{"line_number":75,"context_line":"  requests on behalf of the authorizing User, instead of using the User’s"},{"line_number":76,"context_line":"  credentials. Must be strings of UUID, a.k.a reference tokens, that"},{"line_number":77,"context_line":"  corresponds to the primary key in access_token_oauth2 table."},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"OAuth2.0 Client Credentials Grant Flow"}],"source_content_type":"text/x-rst","patch_set":7,"id":"85f20f0d_d92e1cd2","line":76,"range":{"start_line":75,"start_character":11,"end_line":76,"end_character":13},"in_reply_to":"2f75606b_cb918ad8","updated":"2021-11-18 15:59:42.000000000","message":"Yes, however after the client credential has been created, the user/client/actor can then authenticate without requiring federation/multi-factor auth/etc.\n\nAs I described above, we already have a similar credential type, called application credential. \n\nI think I would prefer to just introduce an API that allows authentication using application credentials, but conforms to the client credentials grant type. Thus clients would provide the application credential id for client id and application credential secret for client secret.\n\nApplication credentials already provide mechanism for scoping access. Including delegating a subset of roles, and only delegating a subset of the APIs (via access rules). Both are designed to allow applications to access resource on behalf of a user, and in this way we\u0027d use already existing mechanisms that already provide as the flexibility we need, and only need introduce a conforming API.\n\nIn a similar way, instead of creating a new special type of token, this authentication API should just respond with an ordinary keystone token. OAuth 2.0 access tokens don\u0027t have any special meaning, outside of what the token introspection API accepts and returns, thus we would only need to introduce a token introspection that accepts keystone tokens and conforms to the OAuth 2.0 specification.\n\nWith the above proposals, you don\u0027t need to introduce a new credential type, or a new token type. Or fix your specification to a specific token type and refer to clients on the database table.\n\nI really feel strongly that whatever authentication API for clients that we agree on should just return whatever token type keystone is currently configured to return for all authentication types, and we should just create an OAuth 2.0 token introspection API for them.\n\n0. https://docs.openstack.org/keystone/latest/user/application_credentials.html","commit_id":"0ba88c616250931861545c600dbcb72cf7936143"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"d265f1b5d3cbc49ab514e826de8f5374b1cfb38d","unresolved":true,"context_lines":[{"line_number":72,"context_line":"  User and with its authorization."},{"line_number":73,"context_line":""},{"line_number":74,"context_line":"- *Access Token:* A token used by the Client to make protected resource"},{"line_number":75,"context_line":"  requests on behalf of the authorizing User, instead of using the User’s"},{"line_number":76,"context_line":"  credentials. Must be strings of UUID, a.k.a reference tokens, that"},{"line_number":77,"context_line":"  corresponds to the primary key in access_token_oauth2 table."},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"OAuth2.0 Client Credentials Grant Flow"}],"source_content_type":"text/x-rst","patch_set":7,"id":"2f75606b_cb918ad8","line":76,"range":{"start_line":75,"start_character":11,"end_line":76,"end_character":13},"in_reply_to":"6dbf907b_86217950","updated":"2021-11-10 09:44:19.000000000","message":"I understood your concern.\nAs I thought we should discuss what solution is the best, I\u0027ll just change the token type from `uuid`to `fernet` for now.\n\nFirst of all, in the scenario described here, only users who have already been authenticated create OAuth2.0 clients.\nIn other words, users might use multi-factor authentication, federation, etc, for the authentication, but the OAuth 2.0 client doesn\u0027t, which is what I thought in the first place.\nIf I\u0027m missing something or you feel the above is not clear in the current spec, please let me know.\n\nIn addition, to limit an application\u0027s access to APIs, as you may know, OAuth 2.0 provides the mechanism called `scope`. We can use this to safely delegate users\u0027 permission to OAuth2.0 clients, i.e., applications.","commit_id":"0ba88c616250931861545c600dbcb72cf7936143"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"6607b647fa5f67131f5f28b87e67d00cc65525c5","unresolved":true,"context_lines":[{"line_number":72,"context_line":"  User and with its authorization."},{"line_number":73,"context_line":""},{"line_number":74,"context_line":"- *Access Token:* A token used by the Client to make protected resource"},{"line_number":75,"context_line":"  requests on behalf of the authorizing User, instead of using the User’s"},{"line_number":76,"context_line":"  credentials. Must be strings of UUID, a.k.a reference tokens, that"},{"line_number":77,"context_line":"  corresponds to the primary key in access_token_oauth2 table."},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"OAuth2.0 Client Credentials Grant Flow"}],"source_content_type":"text/x-rst","patch_set":7,"id":"aefa1fe2_06bef020","line":76,"range":{"start_line":75,"start_character":11,"end_line":76,"end_character":13},"in_reply_to":"85f20f0d_d92e1cd2","updated":"2021-11-30 14:49:21.000000000","message":"I basically agree with your suggestion.\nWe can make a wrapper of the application credentials to provide APIs that conform to the client credentials. \n\nHowever, as I described above, if the client credentials should not be a feature to delegate user\u0027s roles, the application credentials is not conform to the client credentials.\n\nAlso, I\u0027m concerned that the application credentials and the OAuth2.0 client credentials will share the same table.\nWhen a user creates a new client with the OAuth2.0 client credentials, a new application credential is created implicitly.\nWould it be acceptable?","commit_id":"0ba88c616250931861545c600dbcb72cf7936143"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"3b68fc68c7d00c73699c17a4c143f491105b6501","unresolved":true,"context_lines":[{"line_number":146,"context_line":"    \"token_endpoint_auth_method\": \"client_secret_basic\","},{"line_number":147,"context_line":"    \"grant_types\": [\"client_credentials\"],"},{"line_number":148,"context_line":"    \"scope\": \"\","},{"line_number":149,"context_line":"    \"x_user_id\": \"da0e3ae640584af98c015343b0552ec0\","},{"line_number":150,"context_line":"    \"x_project_id\": \"f2796050af304441b5f1eabecb33e808\""},{"line_number":151,"context_line":"  }"},{"line_number":152,"context_line":""},{"line_number":153,"context_line":""}],"source_content_type":"text/x-rst","patch_set":7,"id":"bbbec443_1932239e","line":150,"range":{"start_line":149,"start_character":4,"end_line":150,"end_character":54},"updated":"2021-11-02 14:03:54.000000000","message":"I don\u0027t think these should be passed in as parameters and instead inferred from the authentication token.","commit_id":"0ba88c616250931861545c600dbcb72cf7936143"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"d265f1b5d3cbc49ab514e826de8f5374b1cfb38d","unresolved":true,"context_lines":[{"line_number":146,"context_line":"    \"token_endpoint_auth_method\": \"client_secret_basic\","},{"line_number":147,"context_line":"    \"grant_types\": [\"client_credentials\"],"},{"line_number":148,"context_line":"    \"scope\": \"\","},{"line_number":149,"context_line":"    \"x_user_id\": \"da0e3ae640584af98c015343b0552ec0\","},{"line_number":150,"context_line":"    \"x_project_id\": \"f2796050af304441b5f1eabecb33e808\""},{"line_number":151,"context_line":"  }"},{"line_number":152,"context_line":""},{"line_number":153,"context_line":""}],"source_content_type":"text/x-rst","patch_set":7,"id":"11265372_3abe83a8","line":150,"range":{"start_line":149,"start_character":4,"end_line":150,"end_character":54},"in_reply_to":"bbbec443_1932239e","updated":"2021-11-10 09:44:19.000000000","message":"I agree.\nI\u0027ll remove these parameters in the patchset 8.","commit_id":"0ba88c616250931861545c600dbcb72cf7936143"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"79564f377b21d27101901a8df661755f0ad72afe","unresolved":true,"context_lines":[{"line_number":73,"context_line":""},{"line_number":74,"context_line":"- *Access Token:* A token used by the Client to make protected resource"},{"line_number":75,"context_line":"  requests on behalf of the authorizing User, instead of using the User’s"},{"line_number":76,"context_line":"  credentials. Must be Fernet token [#fernet]_, a.k.a self-contained tokens,"},{"line_number":77,"context_line":"  that corresponds to the `token` field in access_token_oauth2 table."},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"OAuth2.0 Client Credentials Grant Flow"},{"line_number":80,"context_line":"--------------------------------------"}],"source_content_type":"text/x-rst","patch_set":8,"id":"52718ca4_d62bc1bd","line":77,"range":{"start_line":76,"start_character":15,"end_line":77,"end_character":69},"updated":"2021-11-18 15:59:42.000000000","message":"See comment above. Tokens should just be normal tokens similar to what keystone would return for any authentication type. Therefore don\u0027t introduce a new table in the database for them, or a new field in config.\n\nCan you think of any reason that normal tokens wouldn\u0027t work?","commit_id":"c6bd4f232c0ca79c2313260aeb23a1d9f23ac83b"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"6607b647fa5f67131f5f28b87e67d00cc65525c5","unresolved":true,"context_lines":[{"line_number":73,"context_line":""},{"line_number":74,"context_line":"- *Access Token:* A token used by the Client to make protected resource"},{"line_number":75,"context_line":"  requests on behalf of the authorizing User, instead of using the User’s"},{"line_number":76,"context_line":"  credentials. Must be Fernet token [#fernet]_, a.k.a self-contained tokens,"},{"line_number":77,"context_line":"  that corresponds to the `token` field in access_token_oauth2 table."},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"OAuth2.0 Client Credentials Grant Flow"},{"line_number":80,"context_line":"--------------------------------------"}],"source_content_type":"text/x-rst","patch_set":8,"id":"887228fb_777020a9","line":77,"range":{"start_line":76,"start_character":15,"end_line":77,"end_character":69},"in_reply_to":"52718ca4_d62bc1bd","updated":"2021-11-30 14:49:21.000000000","message":"As you said, we don\u0027t have to specify the token type.\nI agree with that.","commit_id":"c6bd4f232c0ca79c2313260aeb23a1d9f23ac83b"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"24e949f60a5768569c818123612ce6ff38a85131","unresolved":true,"context_lines":[{"line_number":97,"context_line":""},{"line_number":98,"context_line":"The flow consists of the following steps as illustrated in the above sequence:"},{"line_number":99,"context_line":""},{"line_number":100,"context_line":"#. An Identity API service User creates a Client"},{"line_number":101,"context_line":""},{"line_number":102,"context_line":"#. The Client authenticates with the authorization server on the Keystone and"},{"line_number":103,"context_line":"   requests a new Access Token."}],"source_content_type":"text/x-rst","patch_set":12,"id":"c493aeac_46d464ac","line":100,"range":{"start_line":100,"start_character":32,"end_line":100,"end_character":48},"updated":"2022-01-25 15:01:39.000000000","message":"an application credential","commit_id":"da9aa04912f0042f2f306f2ebb103612394fe280"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"9f261950d7c8a5b00b203bc4bf167828ae93e3dd","unresolved":true,"context_lines":[{"line_number":97,"context_line":""},{"line_number":98,"context_line":"The flow consists of the following steps as illustrated in the above sequence:"},{"line_number":99,"context_line":""},{"line_number":100,"context_line":"#. An Identity API service User creates a Client"},{"line_number":101,"context_line":""},{"line_number":102,"context_line":"#. The Client authenticates with the authorization server on the Keystone and"},{"line_number":103,"context_line":"   requests a new Access Token."}],"source_content_type":"text/x-rst","patch_set":12,"id":"8078d4b9_58f02472","line":100,"range":{"start_line":100,"start_character":32,"end_line":100,"end_character":48},"in_reply_to":"c493aeac_46d464ac","updated":"2022-01-28 05:25:40.000000000","message":"Thank you for your comment.\n\nI\u0027ll fix it in PS13","commit_id":"da9aa04912f0042f2f306f2ebb103612394fe280"},{"author":{"_account_id":21420,"name":"Gage Hugo","email":"gagehugo@gmail.com","username":"ghugo"},"change_message_id":"dbae8e8188fdbf1db59f963e8804971923f6eca7","unresolved":true,"context_lines":[{"line_number":40,"context_line":""},{"line_number":41,"context_line":"  * Create Access Token"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":".. warning::"},{"line_number":44,"context_line":"  Note that, according to RFC6749 [#oauth2_specification]_, HTTPS must be"},{"line_number":45,"context_line":"  enabled in the authorization server since some requests include sensitive"},{"line_number":46,"context_line":"  information, e.g., a client secret, in plain text."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":".. warning::"},{"line_number":49,"context_line":"   Note that the OAuth 2.0 APIs described in this document use the Application"}],"source_content_type":"text/x-rst","patch_set":14,"id":"53087788_336b10ad","line":46,"range":{"start_line":43,"start_character":0,"end_line":46,"end_character":52},"updated":"2022-02-15 19:19:41.000000000","message":"We need to make sure this gets documented then for using this functionality.","commit_id":"8145886d241a48e9dd418c4b56a3a200a0ffe736"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"34e441bfa130d851f4345f32c4de1f28cbf95987","unresolved":true,"context_lines":[{"line_number":40,"context_line":""},{"line_number":41,"context_line":"  * Create Access Token"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":".. warning::"},{"line_number":44,"context_line":"  Note that, according to RFC6749 [#oauth2_specification]_, HTTPS must be"},{"line_number":45,"context_line":"  enabled in the authorization server since some requests include sensitive"},{"line_number":46,"context_line":"  information, e.g., a client secret, in plain text."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":".. warning::"},{"line_number":49,"context_line":"   Note that the OAuth 2.0 APIs described in this document use the Application"}],"source_content_type":"text/x-rst","patch_set":14,"id":"4a94b693_66fd9d16","line":46,"range":{"start_line":43,"start_character":0,"end_line":46,"end_character":52},"in_reply_to":"53087788_336b10ad","updated":"2022-02-24 05:41:47.000000000","message":"We\u0027ll add this warning to the document for OAuth2.0.","commit_id":"8145886d241a48e9dd418c4b56a3a200a0ffe736"},{"author":{"_account_id":21420,"name":"Gage Hugo","email":"gagehugo@gmail.com","username":"ghugo"},"change_message_id":"dbae8e8188fdbf1db59f963e8804971923f6eca7","unresolved":true,"context_lines":[{"line_number":205,"context_line":"  Credentials which is already implemented in keystone. We would implement only"},{"line_number":206,"context_line":"  the logic needed on top of this functionality."},{"line_number":207,"context_line":""},{"line_number":208,"context_line":"Notifications Impact"},{"line_number":209,"context_line":"--------------------"},{"line_number":210,"context_line":""},{"line_number":211,"context_line":"None"},{"line_number":212,"context_line":""},{"line_number":213,"context_line":"Other End User Impact"},{"line_number":214,"context_line":"---------------------"}],"source_content_type":"text/x-rst","patch_set":14,"id":"48272f98_aa8eace1","line":211,"range":{"start_line":208,"start_character":0,"end_line":211,"end_character":4},"updated":"2022-02-15 19:19:41.000000000","message":"I assume the auth for this would still emit a notification, but there may be differences with how keystone currently defines them.","commit_id":"8145886d241a48e9dd418c4b56a3a200a0ffe736"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"34e441bfa130d851f4345f32c4de1f28cbf95987","unresolved":true,"context_lines":[{"line_number":205,"context_line":"  Credentials which is already implemented in keystone. We would implement only"},{"line_number":206,"context_line":"  the logic needed on top of this functionality."},{"line_number":207,"context_line":""},{"line_number":208,"context_line":"Notifications Impact"},{"line_number":209,"context_line":"--------------------"},{"line_number":210,"context_line":""},{"line_number":211,"context_line":"None"},{"line_number":212,"context_line":""},{"line_number":213,"context_line":"Other End User Impact"},{"line_number":214,"context_line":"---------------------"}],"source_content_type":"text/x-rst","patch_set":14,"id":"57895e64_97ea7f54","line":211,"range":{"start_line":208,"start_character":0,"end_line":211,"end_character":4},"in_reply_to":"48272f98_aa8eace1","updated":"2022-02-24 05:41:47.000000000","message":"We don\u0027t have a plant to add new notification as we\u0027ll use existing application credentials codes for the most part. If you think it\u0027s better to emit new notification, please let me know.","commit_id":"8145886d241a48e9dd418c4b56a3a200a0ffe736"}]}