Cloud Foundry UAA Behaviour:

1. We need to call the login.do for authentication
2. Another call is needed to token service /oauth/token for getting the token.

Requirement

1. Our application should redirect to UAA login page in case of invalid token or token not present
2. Login.html should always reside in UAA
3. On successful authentication UAA should redirect to Index.html (Landing page of our application) with valid token as authentication header

Solution:

There is Login.html present in UAA service which is specifically used for Login & doesn't return any token.
Following modification will be done in order to redirect to our application passing the token

1. UAA's Login.html will call the /oauth/token service call using the AJAX & acquire the token. We are sending (user id, password, client id, credentails & grant type)
2. On receiving the token, Login.html(UAA Resource) will redirect to index.html(Our Application resource) by passing the token in URI using the window.location.href of JS
3. The window.location.href will make browser to call the index.html & we will capture the token to validate it

I want to know whether the above mentioned process is the best practise ?

If not? can some one suggest the best pratice for redirection & acquiring the token?