Application Credentials

Application credentials provide a way to delegate a user’s authorization to an application without sharing the user’s password authentication. This is a useful security measure, especially for situations where the user’s identification is provided by an external source, such as LDAP or a single-sign-on service. Instead of storing user passwords in config files, a user creates an application credential for a specific project, with all or a subset of the role assignments they have on that project, and then stores the application credential identifier and secret in the config file.

More information can be found in the official documentation.

In order to work with application credentials you have to create the service first.

Create

$identity = $openstack->identityV3();

$user = $identity->getUser('{userId}');
$applicationCredential = $user->createApplicationCredential([
    'name'        => '{name}',
    'description' => '{description}',
]);

Read

$identity = $openstack->identityV3();

$user = $identity->getUser('{userId}');
$applicationCredential = $user->getApplicationCredential('{applicationCredentialId}');
$applicationCredential->retrieve();

Delete

$identity = $openstack->identityV3();

$user = $identity->getUser('{userId}');
$applicationCredential = $user->getApplicationCredential('{applicationCredentialId}');
$applicationCredential->delete();