Dramatis Personae:

Adam Young, Jamie Lennox: Keystone core.

Scene: #openstack-keystone chat room.

ayoung: I still don’t understand the difference between url and uri

jamielennox:auth_uri ends up in “WWW-Authenticate: Keystone uri=%s” header. that’s its only job

ayoung: and what is that meant to do? tell someone where they need to go to authenticate?

jamielennox: yea, it gets added to all 401 responses and then i’m pretty sure everyone ignores it

ayoung:so they should be the same thing, then, right? I mean, we say that the Keystone server that you authenticate against is the one that nova is going to use to validate the token. and the version should match

jamielennox: depends, most people use an internal URL for auth_url but auth_uri would get exposed to the public

ayoung: ah

jamielennox: there should be no version in auth_uri

ayoung: so auth_uri=main auth_url=admin in v2.0 speak

jamielennox: yea. more or less. ideally we could default it way better than that, like auth.get_endpoint(‘identity’, interface=’public’), but that gets funny

ayoung: This should be a blog post. You want to write it or shall I? I’m basically just going to edit this conversation.

jamielennox: mm, blog, i haven’t written one of those for a while

(scene)