)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"f60628b17cf739da2ac5b6f6548b8936e490d8d5","unresolved":true,"context_lines":[{"line_number":11,"context_line":"from an External Authentication Server."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Depends-On: https://review.opendev.org/c/openstack/keystoneauth/+/860614"},{"line_number":14,"context_line":"Implements: blueprint external-authentication-server-oauth2-grant-support"},{"line_number":15,"context_line":"Change-Id: I529c5b0c89933395b126e86651ef09368dd7e6b4"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":5,"id":"fc1592fe_8f8264a4","line":14,"range":{"start_line":14,"start_character":22,"end_line":14,"end_character":73},"updated":"2023-01-03 14:56:39.000000000","message":"Please refer this bp: enhance-oauth2-interoperability, instead","commit_id":"a30a8287acbba73718ac08657d77f2d7622c27bb"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"673aaeb6cbc36c02ecf2a22c795a2d57d8655781","unresolved":false,"context_lines":[{"line_number":11,"context_line":"from an External Authentication Server."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Depends-On: https://review.opendev.org/c/openstack/keystoneauth/+/860614"},{"line_number":14,"context_line":"Implements: blueprint external-authentication-server-oauth2-grant-support"},{"line_number":15,"context_line":"Change-Id: I529c5b0c89933395b126e86651ef09368dd7e6b4"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":5,"id":"a03e38c7_dafb8eb6","line":14,"range":{"start_line":14,"start_character":22,"end_line":14,"end_character":73},"in_reply_to":"fc1592fe_8f8264a4","updated":"2023-01-24 04:16:46.000000000","message":"Done","commit_id":"a30a8287acbba73718ac08657d77f2d7622c27bb"},{"author":{"_account_id":34634,"name":"Yonggen Sun","email":"sunyonggen@fujitsu.com","username":"sunyonggen"},"change_message_id":"597682c95141584c40e1291a29e597457a839d6c","unresolved":false,"context_lines":[{"line_number":11,"context_line":"from an External Authentication Server."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Depends-On: https://review.opendev.org/c/openstack/keystoneauth/+/860614"},{"line_number":14,"context_line":"Implements: blueprint external-authentication-server-oauth2-grant-support"},{"line_number":15,"context_line":"Change-Id: I529c5b0c89933395b126e86651ef09368dd7e6b4"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":5,"id":"6f827fcc_ced505df","line":14,"range":{"start_line":14,"start_character":22,"end_line":14,"end_character":73},"in_reply_to":"fc1592fe_8f8264a4","updated":"2023-02-09 01:42:53.000000000","message":"Has modified.","commit_id":"a30a8287acbba73718ac08657d77f2d7622c27bb"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"c44d05992ca5431ebfa51c8a2df9e033dd4a2ef3","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"cb20c744_00bd2fad","updated":"2023-03-16 06:08:29.000000000","message":"Thank you for submitting patch.\n\nPlease kindly find my comment.","commit_id":"7c4aa6aa6edd5200ee69cf71e7e1bded055136c7"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"6cf221b5a47c66fd897c79400e04a8b1d1abeadf","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":12,"id":"2b73d7b7_6ef80d5d","updated":"2023-03-17 03:48:16.000000000","message":"Thank you for rework.","commit_id":"e30998137d7b8b01e1d97158af84a53208382617"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"d882c48ed553132faca0497f8ca5331777b6912d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":14,"id":"dfe7a12d_93e8bf40","updated":"2023-06-14 18:42:39.000000000","message":"Thank you for proposing this. I did a quick first pass at the reviewing the external_oauth2_token.py file, I haven\u0027t yet reviewed the rest.","commit_id":"3c9589b21ed61189d37e8d9987aaf5c8a83e004a"},{"author":{"_account_id":34712,"name":"Yuta Kazato","display_name":"Yuta Kazato","email":"yuta.kazato.nw@hco.ntt.co.jp","username":"kazatoy-ntt"},"change_message_id":"d751044772ac70aea0ed669f9ec0f5b5b1dbde8f","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":14,"id":"1e4cb8c9_f653480c","updated":"2023-04-06 00:03:41.000000000","message":"recheck","commit_id":"3c9589b21ed61189d37e8d9987aaf5c8a83e004a"},{"author":{"_account_id":33920,"name":"Yusuke Niimi","email":"niimi.yusuke@fujitsu.com","username":"yniimi"},"change_message_id":"b6dc3a95c33caef4f0dc7362c1313dd5d90e4854","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":15,"id":"a3dba66c_1d7d3dda","updated":"2023-08-28 09:40:07.000000000","message":"Thank you for your comment.\nI have corrected the points you pointed out.","commit_id":"b69d83146361829bef718312017bf77a3e125bf0"},{"author":{"_account_id":7414,"name":"David Wilde","email":"dwilde@redhat.com","username":"d34dh0r53"},"change_message_id":"6e8b4f893462f0e8b24c57f15769f7739ca97e68","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":16,"id":"afaa6631_2eb3e035","updated":"2023-09-13 15:08:57.000000000","message":"recheck","commit_id":"de15a610e160defb367b224258498727384d10a8"}],"keystonemiddleware/external_oauth2_token.py":[{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"c44d05992ca5431ebfa51c8a2df9e033dd4a2ef3","unresolved":true,"context_lines":[{"line_number":254,"context_line":"                        \u0027because the configuration parameters are incorrect \u0027"},{"line_number":255,"context_line":"                        \u0027and the token can not be verified.\u0027)"},{"line_number":256,"context_line":"            body \u003d {\u0027error\u0027: {"},{"line_number":257,"context_line":"                \u0027code\u0027: 503,"},{"line_number":258,"context_line":"                \u0027title\u0027: \u0027Forbidden\u0027,"},{"line_number":259,"context_line":"                \u0027message\u0027: message,"},{"line_number":260,"context_line":"            }}"}],"source_content_type":"text/x-python","patch_set":11,"id":"07dbcdd0_9d00c7a7","line":257,"updated":"2023-03-16 06:08:29.000000000","message":"At least, I think 503 is too much for this case as a server is not down.\nIn this case, 500 is suitable. WDYT?","commit_id":"7c4aa6aa6edd5200ee69cf71e7e1bded055136c7"},{"author":{"_account_id":34634,"name":"Yonggen Sun","email":"sunyonggen@fujitsu.com","username":"sunyonggen"},"change_message_id":"9c878045a78ed066374286d9c0eb0e8f27318328","unresolved":false,"context_lines":[{"line_number":254,"context_line":"                        \u0027because the configuration parameters are incorrect \u0027"},{"line_number":255,"context_line":"                        \u0027and the token can not be verified.\u0027)"},{"line_number":256,"context_line":"            body \u003d {\u0027error\u0027: {"},{"line_number":257,"context_line":"                \u0027code\u0027: 503,"},{"line_number":258,"context_line":"                \u0027title\u0027: \u0027Forbidden\u0027,"},{"line_number":259,"context_line":"                \u0027message\u0027: message,"},{"line_number":260,"context_line":"            }}"}],"source_content_type":"text/x-python","patch_set":11,"id":"f6344d6d_1f80560c","line":257,"in_reply_to":"07dbcdd0_9d00c7a7","updated":"2023-03-17 03:10:02.000000000","message":"Has modified.","commit_id":"7c4aa6aa6edd5200ee69cf71e7e1bded055136c7"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"c44d05992ca5431ebfa51c8a2df9e033dd4a2ef3","unresolved":true,"context_lines":[{"line_number":255,"context_line":"                        \u0027and the token can not be verified.\u0027)"},{"line_number":256,"context_line":"            body \u003d {\u0027error\u0027: {"},{"line_number":257,"context_line":"                \u0027code\u0027: 503,"},{"line_number":258,"context_line":"                \u0027title\u0027: \u0027Forbidden\u0027,"},{"line_number":259,"context_line":"                \u0027message\u0027: message,"},{"line_number":260,"context_line":"            }}"},{"line_number":261,"context_line":"            raise webob.exc.HTTPServiceUnavailable("}],"source_content_type":"text/x-python","patch_set":11,"id":"cfc4b784_952d84ab","line":258,"updated":"2023-03-16 06:08:29.000000000","message":"Service Unavailable/Internal Server Error, isn\u0027t it?\n\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Status/501\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Status/503","commit_id":"7c4aa6aa6edd5200ee69cf71e7e1bded055136c7"},{"author":{"_account_id":34634,"name":"Yonggen Sun","email":"sunyonggen@fujitsu.com","username":"sunyonggen"},"change_message_id":"9c878045a78ed066374286d9c0eb0e8f27318328","unresolved":false,"context_lines":[{"line_number":255,"context_line":"                        \u0027and the token can not be verified.\u0027)"},{"line_number":256,"context_line":"            body \u003d {\u0027error\u0027: {"},{"line_number":257,"context_line":"                \u0027code\u0027: 503,"},{"line_number":258,"context_line":"                \u0027title\u0027: \u0027Forbidden\u0027,"},{"line_number":259,"context_line":"                \u0027message\u0027: message,"},{"line_number":260,"context_line":"            }}"},{"line_number":261,"context_line":"            raise webob.exc.HTTPServiceUnavailable("}],"source_content_type":"text/x-python","patch_set":11,"id":"42e03d1b_4d66bb6c","line":258,"in_reply_to":"cfc4b784_952d84ab","updated":"2023-03-17 03:10:02.000000000","message":"Has modified.","commit_id":"7c4aa6aa6edd5200ee69cf71e7e1bded055136c7"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"c44d05992ca5431ebfa51c8a2df9e033dd4a2ef3","unresolved":true,"context_lines":[{"line_number":271,"context_line":"                        \u0027the external authentication server \u0027"},{"line_number":272,"context_line":"                        \u0027for token validation.\u0027)"},{"line_number":273,"context_line":"            body \u003d {\u0027error\u0027: {"},{"line_number":274,"context_line":"                \u0027code\u0027: 503,"},{"line_number":275,"context_line":"                \u0027title\u0027: \u0027Forbidden\u0027,"},{"line_number":276,"context_line":"                \u0027message\u0027: message,"},{"line_number":277,"context_line":"            }}"},{"line_number":278,"context_line":"            raise webob.exc.HTTPServiceUnavailable("}],"source_content_type":"text/x-python","patch_set":11,"id":"389d9934_c63d7f05","line":275,"range":{"start_line":274,"start_character":0,"end_line":275,"end_character":37},"updated":"2023-03-16 06:08:29.000000000","message":"ditto","commit_id":"7c4aa6aa6edd5200ee69cf71e7e1bded055136c7"},{"author":{"_account_id":34634,"name":"Yonggen Sun","email":"sunyonggen@fujitsu.com","username":"sunyonggen"},"change_message_id":"9c878045a78ed066374286d9c0eb0e8f27318328","unresolved":false,"context_lines":[{"line_number":271,"context_line":"                        \u0027the external authentication server \u0027"},{"line_number":272,"context_line":"                        \u0027for token validation.\u0027)"},{"line_number":273,"context_line":"            body \u003d {\u0027error\u0027: {"},{"line_number":274,"context_line":"                \u0027code\u0027: 503,"},{"line_number":275,"context_line":"                \u0027title\u0027: \u0027Forbidden\u0027,"},{"line_number":276,"context_line":"                \u0027message\u0027: message,"},{"line_number":277,"context_line":"            }}"},{"line_number":278,"context_line":"            raise webob.exc.HTTPServiceUnavailable("}],"source_content_type":"text/x-python","patch_set":11,"id":"0ba7b95a_49752ff6","line":275,"range":{"start_line":274,"start_character":0,"end_line":275,"end_character":37},"in_reply_to":"389d9934_c63d7f05","updated":"2023-03-17 03:10:02.000000000","message":"Has modified.","commit_id":"7c4aa6aa6edd5200ee69cf71e7e1bded055136c7"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"c44d05992ca5431ebfa51c8a2df9e033dd4a2ef3","unresolved":true,"context_lines":[{"line_number":523,"context_line":"            introspect_endpoint \u003d self._introspect_endpoint"},{"line_number":524,"context_line":"            client_id \u003d self._client_id"},{"line_number":525,"context_line":"            if self._auth_method \u003d\u003d \u0027client_secret_basic\u0027:"},{"line_number":526,"context_line":"                http_response \u003d self._introspect_by_client_secret_basic("},{"line_number":527,"context_line":"                    introspect_endpoint,"},{"line_number":528,"context_line":"                    client_id,"},{"line_number":529,"context_line":"                    access_token"},{"line_number":530,"context_line":"                )"},{"line_number":531,"context_line":"            elif self._auth_method \u003d\u003d \u0027client_secret_post\u0027:"},{"line_number":532,"context_line":"                http_response \u003d self._introspect_by_client_secret_post("},{"line_number":533,"context_line":"                    introspect_endpoint,"}],"source_content_type":"text/x-python","patch_set":11,"id":"b205b9fd_4eddc02b","line":530,"range":{"start_line":526,"start_character":1,"end_line":530,"end_character":17},"updated":"2023-03-16 06:08:29.000000000","message":"It\u0027s better to abstract http clients for authorization servers, like this.\n\n```\nclient \u003d HttpClient(self._auth_method)       \nhttp_response \u003d client.introspect()\n```","commit_id":"7c4aa6aa6edd5200ee69cf71e7e1bded055136c7"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"6cf221b5a47c66fd897c79400e04a8b1d1abeadf","unresolved":true,"context_lines":[{"line_number":523,"context_line":"            introspect_endpoint \u003d self._introspect_endpoint"},{"line_number":524,"context_line":"            client_id \u003d self._client_id"},{"line_number":525,"context_line":"            if self._auth_method \u003d\u003d \u0027client_secret_basic\u0027:"},{"line_number":526,"context_line":"                http_response \u003d self._introspect_by_client_secret_basic("},{"line_number":527,"context_line":"                    introspect_endpoint,"},{"line_number":528,"context_line":"                    client_id,"},{"line_number":529,"context_line":"                    access_token"},{"line_number":530,"context_line":"                )"},{"line_number":531,"context_line":"            elif self._auth_method \u003d\u003d \u0027client_secret_post\u0027:"},{"line_number":532,"context_line":"                http_response \u003d self._introspect_by_client_secret_post("},{"line_number":533,"context_line":"                    introspect_endpoint,"}],"source_content_type":"text/x-python","patch_set":11,"id":"ccdbdb96_2da9ed13","line":530,"range":{"start_line":526,"start_character":1,"end_line":530,"end_character":17},"in_reply_to":"a6823ac0_5c5248f6","updated":"2023-03-17 03:48:16.000000000","message":"Sorry, my comment was not clear and insufficient.\nMy suggestion is to remove these if statements from _fetch_token and to do the same thing in HttpClient class or a new method something like get_http_client. In other words, abstracting the difference of auth_methods by introducing a new class or a new method.\n\nAs auth_method determines a type of client, you can set a client as an instance variable at __init__, if my understanding is correct.\n\nExample:\n```\ndef get_http_client(auth_method):\n    if auth_methot \u003d\u003d \u0027client_secret\u0027:\n        return ClientSecretBasicAuthClient(...)\n    if auth_method \u003d\u003d \u0027tls_client_auth\u0027\n        return TlsClientAuthClient(...)\n...\nclass ExternalAuth2Protocol(object):\n    def __init__(self, application, conf):\n        self._auth_method \u003d self._get_config_option(\n            \u0027auth_method\u0027, is_required\u003dTrue)\n        self._client \u003d get_http_client(self._auth_method) \n    \n\n    def _fetch_token(self, aceess_token):\n        ...\n        try:\n            resp \u003d client.introspect(access_token)\n```","commit_id":"7c4aa6aa6edd5200ee69cf71e7e1bded055136c7"},{"author":{"_account_id":34634,"name":"Yonggen Sun","email":"sunyonggen@fujitsu.com","username":"sunyonggen"},"change_message_id":"9c878045a78ed066374286d9c0eb0e8f27318328","unresolved":false,"context_lines":[{"line_number":523,"context_line":"            introspect_endpoint \u003d self._introspect_endpoint"},{"line_number":524,"context_line":"            client_id \u003d self._client_id"},{"line_number":525,"context_line":"            if self._auth_method \u003d\u003d \u0027client_secret_basic\u0027:"},{"line_number":526,"context_line":"                http_response \u003d self._introspect_by_client_secret_basic("},{"line_number":527,"context_line":"                    introspect_endpoint,"},{"line_number":528,"context_line":"                    client_id,"},{"line_number":529,"context_line":"                    access_token"},{"line_number":530,"context_line":"                )"},{"line_number":531,"context_line":"            elif self._auth_method \u003d\u003d \u0027client_secret_post\u0027:"},{"line_number":532,"context_line":"                http_response \u003d self._introspect_by_client_secret_post("},{"line_number":533,"context_line":"                    introspect_endpoint,"}],"source_content_type":"text/x-python","patch_set":11,"id":"a6823ac0_5c5248f6","line":530,"range":{"start_line":526,"start_character":1,"end_line":530,"end_character":17},"in_reply_to":"b205b9fd_4eddc02b","updated":"2023-03-17 03:10:02.000000000","message":"Has modified.","commit_id":"7c4aa6aa6edd5200ee69cf71e7e1bded055136c7"},{"author":{"_account_id":34634,"name":"Yonggen Sun","email":"sunyonggen@fujitsu.com","username":"sunyonggen"},"change_message_id":"3b65c9264323872308e12284fa78e94cbf4c1af1","unresolved":false,"context_lines":[{"line_number":523,"context_line":"            introspect_endpoint \u003d self._introspect_endpoint"},{"line_number":524,"context_line":"            client_id \u003d self._client_id"},{"line_number":525,"context_line":"            if self._auth_method \u003d\u003d \u0027client_secret_basic\u0027:"},{"line_number":526,"context_line":"                http_response \u003d self._introspect_by_client_secret_basic("},{"line_number":527,"context_line":"                    introspect_endpoint,"},{"line_number":528,"context_line":"                    client_id,"},{"line_number":529,"context_line":"                    access_token"},{"line_number":530,"context_line":"                )"},{"line_number":531,"context_line":"            elif self._auth_method \u003d\u003d \u0027client_secret_post\u0027:"},{"line_number":532,"context_line":"                http_response \u003d self._introspect_by_client_secret_post("},{"line_number":533,"context_line":"                    introspect_endpoint,"}],"source_content_type":"text/x-python","patch_set":11,"id":"db6b54bf_104e6fd1","line":530,"range":{"start_line":526,"start_character":1,"end_line":530,"end_character":17},"in_reply_to":"ccdbdb96_2da9ed13","updated":"2023-03-20 08:12:22.000000000","message":"Has modified.","commit_id":"7c4aa6aa6edd5200ee69cf71e7e1bded055136c7"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"c44d05992ca5431ebfa51c8a2df9e033dd4a2ef3","unresolved":true,"context_lines":[{"line_number":578,"context_line":"                               origin_token_metadata)"},{"line_number":579,"context_line":"                raise InvalidToken(_(\u0027The token is invalid.\u0027))"},{"line_number":580,"context_line":""},{"line_number":581,"context_line":"            token_data \u003d self._parse_necessary_info(origin_token_metadata)"},{"line_number":582,"context_line":"            return token_data"},{"line_number":583,"context_line":"        except (ConfigurationError, ForbiddenToken,"},{"line_number":584,"context_line":"                ServiceError, InvalidToken):"},{"line_number":585,"context_line":"            raise"}],"source_content_type":"text/x-python","patch_set":11,"id":"ec725053_3b3d3b7f","line":582,"range":{"start_line":581,"start_character":0,"end_line":582,"end_character":29},"updated":"2023-03-16 06:08:29.000000000","message":"nits.\n\n```\nreturn self._parse_...\n```","commit_id":"7c4aa6aa6edd5200ee69cf71e7e1bded055136c7"},{"author":{"_account_id":34634,"name":"Yonggen Sun","email":"sunyonggen@fujitsu.com","username":"sunyonggen"},"change_message_id":"9c878045a78ed066374286d9c0eb0e8f27318328","unresolved":false,"context_lines":[{"line_number":578,"context_line":"                               origin_token_metadata)"},{"line_number":579,"context_line":"                raise InvalidToken(_(\u0027The token is invalid.\u0027))"},{"line_number":580,"context_line":""},{"line_number":581,"context_line":"            token_data \u003d self._parse_necessary_info(origin_token_metadata)"},{"line_number":582,"context_line":"            return token_data"},{"line_number":583,"context_line":"        except (ConfigurationError, ForbiddenToken,"},{"line_number":584,"context_line":"                ServiceError, InvalidToken):"},{"line_number":585,"context_line":"            raise"}],"source_content_type":"text/x-python","patch_set":11,"id":"c0077e87_eb0866e0","line":582,"range":{"start_line":581,"start_character":0,"end_line":582,"end_character":29},"in_reply_to":"ec725053_3b3d3b7f","updated":"2023-03-17 03:10:02.000000000","message":"Has modified.","commit_id":"7c4aa6aa6edd5200ee69cf71e7e1bded055136c7"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"d882c48ed553132faca0497f8ca5331777b6912d","unresolved":true,"context_lines":[{"line_number":1,"context_line":"# Copyright 2023 OpenStack Foundation"},{"line_number":2,"context_line":"#"},{"line_number":3,"context_line":"# Licensed under the Apache License, Version 2.0 (the \"License\"); you may"},{"line_number":4,"context_line":"# not use this file except in compliance with the License. You may obtain"}],"source_content_type":"text/x-python","patch_set":14,"id":"82370b61_b681254f","line":1,"updated":"2023-06-14 18:42:39.000000000","message":"Please remove this line.","commit_id":"3c9589b21ed61189d37e8d9987aaf5c8a83e004a"},{"author":{"_account_id":33920,"name":"Yusuke Niimi","email":"niimi.yusuke@fujitsu.com","username":"yniimi"},"change_message_id":"b6dc3a95c33caef4f0dc7362c1313dd5d90e4854","unresolved":true,"context_lines":[{"line_number":1,"context_line":"# Copyright 2023 OpenStack Foundation"},{"line_number":2,"context_line":"#"},{"line_number":3,"context_line":"# Licensed under the Apache License, Version 2.0 (the \"License\"); you may"},{"line_number":4,"context_line":"# not use this file except in compliance with the License. You may obtain"}],"source_content_type":"text/x-python","patch_set":14,"id":"ae186017_22c9f152","line":1,"in_reply_to":"82370b61_b681254f","updated":"2023-08-28 09:40:07.000000000","message":"I removed it.\n(Patchset 15)","commit_id":"3c9589b21ed61189d37e8d9987aaf5c8a83e004a"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"d882c48ed553132faca0497f8ca5331777b6912d","unresolved":true,"context_lines":[{"line_number":113,"context_line":"    cfg.StrOpt(\u0027mapping_project_domain_name\u0027,"},{"line_number":114,"context_line":"               help\u003d\u0027Specifies the method for obtaining the project domain \u0027"},{"line_number":115,"context_line":"                    \u0027name that currently needs to be accessed.\u0027),"},{"line_number":116,"context_line":"    cfg.StrOpt(\u0027mapping_user_id\u0027,"},{"line_number":117,"context_line":"               help\u003d\u0027Specifies the method for obtaining the user ID.\u0027),"},{"line_number":118,"context_line":"    cfg.StrOpt(\u0027mapping_user_name\u0027,"},{"line_number":119,"context_line":"               help\u003d\u0027Specifies the method for obtaining the user name.\u0027),"}],"source_content_type":"text/x-python","patch_set":14,"id":"1373669c_66412a1e","line":116,"updated":"2023-06-14 18:42:39.000000000","message":"It would be beneficial to reduce the number of required configuyration options here for the user by providing some defaults. For example, we may default to `sub` or `username` for `mapping_user_id`, and `username` for `mapping_user_name`.","commit_id":"3c9589b21ed61189d37e8d9987aaf5c8a83e004a"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"2949d4fc8c0d0697b2cf648abe63c282f936755b","unresolved":true,"context_lines":[{"line_number":113,"context_line":"    cfg.StrOpt(\u0027mapping_project_domain_name\u0027,"},{"line_number":114,"context_line":"               help\u003d\u0027Specifies the method for obtaining the project domain \u0027"},{"line_number":115,"context_line":"                    \u0027name that currently needs to be accessed.\u0027),"},{"line_number":116,"context_line":"    cfg.StrOpt(\u0027mapping_user_id\u0027,"},{"line_number":117,"context_line":"               help\u003d\u0027Specifies the method for obtaining the user ID.\u0027),"},{"line_number":118,"context_line":"    cfg.StrOpt(\u0027mapping_user_name\u0027,"},{"line_number":119,"context_line":"               help\u003d\u0027Specifies the method for obtaining the user name.\u0027),"}],"source_content_type":"text/x-python","patch_set":14,"id":"5cf4795e_c07bbe27","line":116,"in_reply_to":"1373669c_66412a1e","updated":"2023-06-20 15:49:55.000000000","message":"I agree. I\u0027ll do.","commit_id":"3c9589b21ed61189d37e8d9987aaf5c8a83e004a"},{"author":{"_account_id":33920,"name":"Yusuke Niimi","email":"niimi.yusuke@fujitsu.com","username":"yniimi"},"change_message_id":"b6dc3a95c33caef4f0dc7362c1313dd5d90e4854","unresolved":true,"context_lines":[{"line_number":113,"context_line":"    cfg.StrOpt(\u0027mapping_project_domain_name\u0027,"},{"line_number":114,"context_line":"               help\u003d\u0027Specifies the method for obtaining the project domain \u0027"},{"line_number":115,"context_line":"                    \u0027name that currently needs to be accessed.\u0027),"},{"line_number":116,"context_line":"    cfg.StrOpt(\u0027mapping_user_id\u0027,"},{"line_number":117,"context_line":"               help\u003d\u0027Specifies the method for obtaining the user ID.\u0027),"},{"line_number":118,"context_line":"    cfg.StrOpt(\u0027mapping_user_name\u0027,"},{"line_number":119,"context_line":"               help\u003d\u0027Specifies the method for obtaining the user name.\u0027),"}],"source_content_type":"text/x-python","patch_set":14,"id":"843f85ff_2d586ff7","line":116,"in_reply_to":"5cf4795e_c07bbe27","updated":"2023-08-28 09:40:07.000000000","message":"I added default value.\n`client_id` defined in RFC7662 has been adopted as the default value for `mapping_user_id`.\nhttps://www.rfc-editor.org/rfc/rfc7662\n(Patchset 15)","commit_id":"3c9589b21ed61189d37e8d9987aaf5c8a83e004a"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"d882c48ed553132faca0497f8ca5331777b6912d","unresolved":true,"context_lines":[{"line_number":442,"context_line":"                                   conf)"},{"line_number":443,"context_line":""},{"line_number":444,"context_line":"        self._session \u003d self._create_session()"},{"line_number":445,"context_line":"        self._audience \u003d self._get_config_option(\u0027audience\u0027, is_required\u003dTrue)"},{"line_number":446,"context_line":"        self._introspect_endpoint \u003d self._get_config_option("},{"line_number":447,"context_line":"            \u0027introspect_endpoint\u0027, is_required\u003dTrue)"},{"line_number":448,"context_line":"        self._auth_method \u003d self._get_config_option("}],"source_content_type":"text/x-python","patch_set":14,"id":"5a1ad0b3_625af829","line":445,"updated":"2023-06-14 18:42:39.000000000","message":"Can we make this field not required and use `client_id` as audience if a different audience is not provided? This will simplify configuration and I think this is what various implementations do by default.","commit_id":"3c9589b21ed61189d37e8d9987aaf5c8a83e004a"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"2949d4fc8c0d0697b2cf648abe63c282f936755b","unresolved":true,"context_lines":[{"line_number":442,"context_line":"                                   conf)"},{"line_number":443,"context_line":""},{"line_number":444,"context_line":"        self._session \u003d self._create_session()"},{"line_number":445,"context_line":"        self._audience \u003d self._get_config_option(\u0027audience\u0027, is_required\u003dTrue)"},{"line_number":446,"context_line":"        self._introspect_endpoint \u003d self._get_config_option("},{"line_number":447,"context_line":"            \u0027introspect_endpoint\u0027, is_required\u003dTrue)"},{"line_number":448,"context_line":"        self._auth_method \u003d self._get_config_option("}],"source_content_type":"text/x-python","patch_set":14,"id":"621f3857_86a28096","line":445,"in_reply_to":"5a1ad0b3_625af829","updated":"2023-06-20 15:49:55.000000000","message":"Sorry for giving an unclear answer at the PTG. \nThis audience is used by keystonemiddleware to authenticate an external authorization server with JSON Web Token (JWT) Profile [1] and is not used to validate the client that has accessed keystonemiddleware.\n\nAccording to [1],\n\u003e The JWT MUST contain an \"aud\" (audience) claim containing a value that identifies the authorization server as an intended audience.  The token endpoint URL of the authorization server MAY be used \n\nThe current codes match this description.\n\n[1] https://datatracker.ietf.org/doc/html/rfc7523#section-3","commit_id":"3c9589b21ed61189d37e8d9987aaf5c8a83e004a"}]}