Currently, the token validation and revocation methods pass the plain FernetToken into the OPA. It was "ok" when the Token had all the associated info expanded, but it is not going to be true anymore, since the FernetToken is only going to have the plain payload. In order to still be able to pass the corresponding information, we may want to pass the Credentials object instead, to be basically the same as what is being passed for the user authentication. We need to analyze what Python Keystone is expecting from the x-subject-token to identify whether we need to change that behavior.