Thank you very much for your great work on OAuth 1 authentication for
(1) I have configured Keystone for Federation by following the instructions
Then I can log in to OpenStack through Shibboleth identity provider.
Configuring Keystone for Federation
(2) I can NOT find the instructions on Configuring Keystone for OAuth1.
I also can NOT find the instructions on Configuring Keystone for OAuth2.
Instead I only find the developers' documentation on OAuth2 for OpenStack
Comparing the source code keystone-220.127.116.11b1.tar.gz with the GitHub
repository, I discover that there has been fundemental update on oAuth 1
(2a) For keystone-18.104.22.168b1.tar.gz
backends/ controllers.py core.py routers.py validator.py
(2b) For the GitHub repository,
controllers.py core.py routers.py schema.py validator.py
Would you please shed some light on how to configure Keystone for OAuth1?
Thank you very much.
I am trying to develop OAuth 2 client for Keystone. We will contribute our
OAuth 2 client source code to the community if we can use Google/Facebook
to log in to OpenStack through OAuth 2 client.
Steve Martinelli <s.martinelli [at] gmail> Jun 27, 2016, 10:57 PM
So, the os-oauth routes you mention in the documentation do not make
keystone a proper oauth provider. We simply perform delegation (one user
handing some level of permission on a project to another entity) with the
standard flow established in the oauth1.0b specification.
Historically we chose oauth1.0 because one of the implementers was very
much against a flow based on oauth2.0 (though the names are similar,
can be treated as two very different beasts, you can read about it here
). Even amongst popular service providers the choice is split down the
middle, some providing support for both 
We haven't bothered to implement support for oauth2.0 since there has
no feedback or desire from operators to do so. Mostly, we don't want
yet-another-delegation mechanism in keystone, we have trusts and
should an enticing use case arise to include another, then we can revisit
OpenStack Development Mailing List (not for usage questions)