Keystone v2v2 Improperly Caching Token When Token Expires Before Caching

Description

In the case where a token is valid when a call is made to Identity, but expires before we read and calculate that token's TTL, the token is cached for the configured amount of time. It should not get cached at all, since it has expired.

  • Corner Case - Token expires at 23:59:05. We pull the token at 23:59:04 and cache it with our own expiration. We then call identity to get groups. Token could potentially fail this call by expiring between calls.

  • We shouldn't cache the token because once we cache, we assume that token is valid and we stop calling identity.

Acceptance Criteria:

  • We no longer cache this token.

Environment

None

Status

Assignee

Unassigned

Reporter

Damien Johnson

Labels

None

External issue ID

None

CoAssignee

None

Capitalizable

True

Story Points

2

Priority

High
Configure