Make expires_at optional

The issued_at value is on every token, and will be checked on every event against the issued_before field. expires_at is not going to be mutually exclusive with issued_before: issued_before will be specified and checked for all tokens, including those revoked by user and expires_at. issued_before is mandatory, and expires_at is optional. Change-Id: I3e8bcc469ccc7476d517a8f4bd6574ba99dba1f2
2014-02-08 16:48:29 -05:00 · 2014-02-08 16:48:29 -05:00 · 981747e5ae
commit 981747e5ae
parent 4535ce8d2f
1 changed files with 13 additions and 16 deletions
--- a/openstack-identity-api/v3/src/markdown/identity-api-v3-os-revoke-ext.md
+++ b/openstack-identity-api/v3/src/markdown/identity-api-v3-os-revoke-ext.md
@ -23,26 +23,12 @@ Required attributes:
 - `issued_before` (string, ISO 8601 extended format date time with
  microseconds)

-  This attribute is mutually exclusive with `expires_at`.
-
  Tokens issued before this time are considered revoked.

  This attribute can be used to determine how long the expiration event is
  valid. It can also be used in queries to filter events, so that only a subset
  that have occurred since the last request are returned.

- `expires_at` (string, ISO 8601 extended format date time with microseconds)
-
-  This attribute is mutually exclusive with `issued_before`.
-
-  Specifies the exact expiration time of one or more tokens to be revoked.
-
-  This attribute is useful for revoking chains of tokens, such as those produced when
-  re-scoping an existing token. When a token is issued based on initial
-  authentication, it is given an `expires_at` value. When a token is used to
-  get another token, the new token will have the same `expires_at` value as the
-  original.
-
 Optional attributes:

 - `domain_id` (string)
@ -71,6 +57,16 @@ Optional attributes:
  Revoke tokens issued to a specific OAuth consumer, as part of the OS-OAUTH1
  API extension.

+- `expires_at` (string, ISO 8601 extended format date time with microseconds)
+
+  Specifies the exact expiration time of one or more tokens to be revoked.
+
+  This attribute is useful for revoking chains of tokens, such as those produced when
+  re-scoping an existing token. When a token is issued based on initial
+  authentication, it is given an `expires_at` value. When a token is used to
+  get another token, the new token will have the same `expires_at` value as the
+  original.
+
 There properties are additive: Only a token that meets all of the specified
 criteria is considered revoked.

@ -102,11 +98,12 @@ Response:
    {
        "events": [
            {
-                "issued_before": "2013-02-27T18:30:59.999999Z",
+                "issued_before": "2014-02-27T18:30:59.999999Z",
                "user_id": "f287de"
            },
            {
-                "expires_at": "2014-02-27T18:30:59.999999Z",
+                "expires_at": "2014-02-27T22:10:10.999999Z",
+                "issued_before": "2014-02-27T18:30:59.999999Z",
                "project_id": "976bf9"
            },
            {