Cloned from launchpad blueprint https://blueprints.launchpad.net/python-keystoneclient/+spec/session-auth-endpoint.
When you send a request through a session you specify the type of endpoint you want it to be sent to. At the moment this consists of 'public', 'internal' and 'admin'. When dealing with unscoped tokens (which don't have a service catalog) this isn't sufficient. We need a way to specify that there are certain requests that need to go to the same URL where the authentication was initially retrieved - the auth_url.
I propose that we add a new endpoint label called 'auth' to the identity plugins and that non-identity plugins will also have to respond to (in whatever manner most appropriate to them) that means the request should be sent to the original authentication URL.
Specification URL (additional information):