@Robert Clark, not sure if I understand your question. Comment #3 suggested that if one does not properly set up their authorization policy, this could be problematic. For example,
"some_api": "auth_method: token and auth_method: password and user_id:%(user_id)s",
where token and password methods are obtained using the combined credentials. But this is not something we support in OpenStack right now. We don't populate the auth method in auth_context which is used for policy check.