OAuth 2.0 Mutual-TLS Support

The OAuth2.0 Access Token API is modified, support to get an OAuth2.0 certificate-bound access token from the keystone identity server with OAuth 2.0 credentials and Mutual-TLS certificates. Co-Authored-By: Hiromu Asahina <hiromu.asahina.az@hco.ntt.co.jp> Change-Id: I885527bec61429b1437a046097a16491848b5a0a Implements: blueprint support-oauth2-mtls
author: sunyonggen <sunyonggen@fujitsu.com> 2022-10-07 11:00:05 +0900
committer: Hiromu Asahina <hiromu.asahina.az@hco.ntt.co.jp> 2023-03-03 11:28:05 +0900
commit: f6a0cce4409232d8ade69b7773dbabcf4c53ec0f (patch)
tree: 078551b62f12d64b0a9ba4a5dfbc4663681f616e /keystone/common/render_token.py
parent: 420f4ff46da106b67912cecdff939f5dc0b079d0 (diff)
download: keystone-f6a0cce4409232d8ade69b7773dbabcf4c53ec0f.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/keystone/common/render_token.py b/keystone/common/render_token.py
index 320260b1f..4a84f5c0c 100644
--- a/keystone/common/render_token.py
+++ b/keystone/common/render_token.py
@@ -142,5 +142,9 @@ def render_token_response_from_model(token, include_catalog=True):
             token_reference['token'][key]['access_rules'] = (
                 token.application_credential['access_rules']
             )
+    if token.oauth2_thumbprint:
+        token_reference['token']['oauth2_credential'] = {
+            'x5t#S256': token.oauth2_thumbprint
+        }
 
     return token_reference
author	sunyonggen <sunyonggen@fujitsu.com>	2022-10-07 11:00:05 +0900
committer	Hiromu Asahina <hiromu.asahina.az@hco.ntt.co.jp>	2023-03-03 11:28:05 +0900
commit	f6a0cce4409232d8ade69b7773dbabcf4c53ec0f (patch)
tree	078551b62f12d64b0a9ba4a5dfbc4663681f616e /keystone/common/render_token.py
parent	420f4ff46da106b67912cecdff939f5dc0b079d0 (diff)
download	keystone-f6a0cce4409232d8ade69b7773dbabcf4c53ec0f.tar.gz