UAA, autoapprove, and cf client


Matt Cholick
 

We recently upgrades from 222 to 228 and saw a change we'd like to know the
reason for.

Looking at the generated uaa.yml for the job's config, in the newest
version, oauth.client.autoapprove only contains "login" and
"support-signon". If we look back to the file in our other environments
(still 222), the list also contains "cf". The shorter list looks to be what
uaa-release has had for a while, so I'm guessing in the older environments
the larger list is merged from elsewhere (I didn't find the source for this
default value including "cf" in 222)

What was the reason for this change?

We're using the flow Trusted Authentication from Login Server
https://github.com/cloudfoundry/uaa/blob/master/docs/UAA-APIs.rst#trusted-authentication-from-login-server
And having auto-approve means that in step 1, we can ask for
response_type=token rather than response_type=code to immediately get the
token.

Also, this property is listed as deprecated:
https://github.com/cloudfoundry/uaa-release/blob/develop/jobs/uaa/spec#L229
We're relying on it in our login server. When is the uaa team planning to
remove it?

-Matt Cholick

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.