diff options
Diffstat (limited to 'releasenotes/notes/bp-support-oauth2-mtls-8552892a8e0c72d2.yaml')
-rw-r--r-- | releasenotes/notes/bp-support-oauth2-mtls-8552892a8e0c72d2.yaml | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/releasenotes/notes/bp-support-oauth2-mtls-8552892a8e0c72d2.yaml b/releasenotes/notes/bp-support-oauth2-mtls-8552892a8e0c72d2.yaml new file mode 100644 index 000000000..19b6ccb11 --- /dev/null +++ b/releasenotes/notes/bp-support-oauth2-mtls-8552892a8e0c72d2.yaml @@ -0,0 +1,13 @@ +--- +features: + - | + [`blueprint support-oauth2-mtls <https://blueprints.launchpad.net/keystone/+spec/support-oauth2-mtls>`_] + Provide the option for users to proof-of-possession of OAuth 2.0 access + token based on `RFC8705 OAuth 2.0 Mutual-TLS Client Authentication and + Certificate-Bound Access Tokens`. Users can now use the OAuth 2.0 Access + Token API to get an OAuth 2.0 certificate-bound access token from the + keystone identity server with OAuth 2.0 credentials and Mutual-TLS + certificates. Then users can use the OAuth 2.0 certificate-bound access + token and the Mutual-TLS certificates to access the OpenStack APIs that use + the keystone middleware to support OAuth 2.0 Mutual-TLS client + authentication. |