Re: Redirection to another application using UAA : Best Practices required

Home Messages Hashtags Subgroups

#5776

Re: Redirection to another application using UAA : Best Practices required

Sree Tummidi #5776 Hi Rajan, The best practice to use UAA as the OAuth Authorization Server and enable your Application as an OAuth Client. You need to register an OAuth client for your App and as part of the registration specify the redirect URI. Since you have a web application , you have two choices in terms of the grant type . You can either use the Authorization Code or Implicit (If you have a Single Page App) Your application needs to redirect to the OAuth Authorize End Point. UAA will take care of authenticating and authorizing the user and redirecting to the app with the token. Please refer to the UAA docs here : http://docs.cloudfoundry.com/uaa/?http#authorization-code-grant http://docs.cloudfoundry.com/uaa/?http#authorization-code-grant13 http://docs.cloudfoundry.com/uaa/?http#create90 Thanks, Sree Tummidi Staff Product Manager Identity - Pivotal Cloud Foundry On Tue, Sep 27, 2016 at 4:23 AM, Rajan vakharia <rajan.vakharia(a)gmail.com> wrote: Cloud Foundry UAA Behaviour: 1. We need to call the login.do for authentication 2. Another call is needed to token service /oauth/token for getting the token. Requirement 1. Our application should redirect to UAA login page in case of invalid token or token not present 2. Login.html should always reside in UAA 3. On successful authentication UAA should redirect to Index.html (Landing page of our application) with valid token as authentication header Solution: There is Login.html present in UAA service which is specifically used for Login & doesn't return any token. Following modification will be done in order to redirect to our application passing the token 1. UAA's Login.html will call the /oauth/token service call using the AJAX & acquire the token. We are sending (user id, password, client id, credentails & grant type) 2. On receiving the token, Login.html(UAA Resource) will redirect to index.html(Our Application resource) by passing the token in URI using the window.location.href of JS 3. The window.location.href will make browser to call the index.html & we will capture the token to validate it I want to know whether the above mentioned process is the best practise ? If not? can some one suggest the best pratice for redirection & acquiring the token? attachment.html
More All Messages By This Member

View All 4 Messages In Topic

#5776

Join {cf-dev@lists.cloudfoundry.org to automatically receive all group messages.

Home Hashtags Subgroups Terms