Sorry for using "trustor" and "trustee" terms in OAuth1 context, but these terms clearly describes users positions.
OpenStack CLI explicitly requires an OAuth1 "trustor" to specify a role for an OAuth1 Access Token:
$ openstack request token authorize usage: openstack request token authorize [-h] [-f {json,shell,table,value,yaml}] [-c COLUMN] [--noindent] [--prefix PREFIX] [--max-width <integer>] [--fit-width] [--print-empty] --request-key <request-key> --role <role> openstack request token authorize: error: the following arguments are required: --request-key, --role
However a specified role is silently ignored and OAuth1 token gets all OAuth1 "trustor" roles.
https://github.com/openstack/keystone/blob/7bb6314e40d6947294260324e84a58de191f8609/keystone/api/os_oauth1.py#L287
As an OAuth1 "trustor" I expect the "trustee" to have only accepted roles.
Sorry for using "trustor" and "trustee" terms in OAuth1 context, but these terms clearly describes users positions.
OpenStack CLI explicitly requires an OAuth1 "trustor" to specify a role for an OAuth1 Access Token:
$ openstack request token authorize
[ -f {json,shell, table,value, yaml}]
[ -c COLUMN] [--noindent]
[ --prefix PREFIX]
[ --max-width <integer>] [--fit-width]
[ --print- empty] --request-key
< request- key> --role <role>
usage: openstack request token authorize [-h]
openstack request token authorize: error: the following arguments are required: --request-key, --role
However a specified role is silently ignored and OAuth1 token gets all OAuth1 "trustor" roles.
https:/ /github. com/openstack/ keystone/ blob/7bb6314e40 d6947294260324e 84a58de191f8609 /keystone/ api/os_ oauth1. py#L287
As an OAuth1 "trustor" I expect the "trustee" to have only accepted roles.