Re: service broker user delegation beyond service-dashboard

Guillaume Berche

Thanks Brian for your feedback.

Can you elaborate on use-cases for which somes scopes would need to be
auto-approved by the platform (i.e. without users providing their consent)

Do you rather see that as a syntaxic short-hand for cf users to avoid
repetively providing their consent, in this case would the following
approaches address your use-cases ?
$ cf create-service service-name service-plan service-instance
$ cf config --always-grant-broker-scopes="openid"


On Wed, Nov 11, 2015 at 12:46 AM, Brian Martin <bkmartin(a)> wrote:

One addition, I would like the ability to have some scopes be auto
approved by the platform (eg openid)

Brian K Martin

On Nov 10, 2015, at 5:42 PM, Brian Martin <bkmartin(a)> wrote:

This proposal looks good and addresses many of the same concerns we have
been seeing in Bluemix. I recently reached out to Max to bring forward a
similar proposal.

Brian K Martin

On Nov 10, 2015, at 4:33 PM, Guillaume Berche <bercheg(a)> wrote:


We are seing an increasing number of cases where service brokers need to
act on behalf of CF users, and where the service dashboard support is too
- dashboard URL is not exposed to requesters until the end of the
provision phase
- dashboard URL needs users browsing to it, making it hard to preserve
headless interactions (such as scripts or ci) using the CLI or CC API.

As suggested by Dieu and Shannon over exchanges we had, I formalized my
perception of the problem to be solved and possible ways to address it into:

I'd interested in hearing the CF pms and the community feedback on whether
solving the above problems would benefit the CF community, or whether other
workarounds/solutions exists that I had missed.

Thanks in advance,


Join { to automatically receive all group messages.