keystone v2 - Get token without using userid/password

Question

I am writing one app which does authentication using keystone v2.0 APIs, now while authentication /v2.0/tokens, I get the token for all the projects which the user does have access to.

Now when a project is added using horizon how I can get the token for that project, as I am not storing userid/password for the logged in user, and to get the token for the project, I need to send the /v2.0/tokens with the below POST data,

{"auth": {"tenantName": "admin", "passwordCredentials": {"username": "user", "password": "password"}}}

But as I am not storing the userid/password, once user is logged in, then after wards how I can get token for the new project?

Is it necessary to store the user id/password somewhere which can be used later? If yes, then usually what is the best way to store user credentials?

Regards, -M-

Answer 1

After looking into the keystoneclient code of v2, I got the answer, we can get the token of a new project using existing token itself

data = {"auth": {"token": {"id": token}}}
data['auth']['tenantName'] = tenantName;

Regards, -M-

Answer 2

身份验证有多种模式，可以是令牌，密码，oauth等。如果您之前曾请求过无范围令牌，则可以使用无范围令牌来获得有范围的令牌（针对项目/租户）。