Re: Redirection to another application using UAA : Best Practices required

Sree Tummidi

Hi Rajan,

The best practice is to use UAA as the OAuth Authorization Server and enable
your Application as an OAuth Client.
You need to register an OAuth client for your App and as part of the
registration specify the redirect URI.
Since you have a web application, you have two choices in terms of the
grant type. You can either use the Authorization Code or Implicit (if you
have a Single Page App).

Your application needs to redirect to the OAuth Authorize End Point. UAA
will take care of authenticating and authorizing the user and redirecting
to the app with the token.
Please refer to the UAA docs here:

Sree Tummidi
Staff Product Manager
Identity - Pivotal Cloud Foundry

On Tue, Sep 27, 2016 at 4:23 AM, Rajan vakharia <rajan.vakharia(a)>

Cloud Foundry UAA Behaviour:

1. We need to call the for authentication
2. Another call is needed to token service /oauth/token for
getting the token.


1. Our application should redirect to UAA login page in case of
invalid token or token not present
2. Login.html should always reside in UAA
3. On successful authentication UAA should redirect to Index.html
(Landing page of our application) with valid token as authentication header


There is Login.html present in UAA service which is specifically used for
Login & doesn't return any token.
The following modification will be done in order to redirect to our
application, passing the token:

1. UAA's Login.html will call the /oauth/token service using
AJAX & acquire the token. We are sending (user id, password, client id,
credentials & grant type)
2. On receiving the token, Login.html (UAA resource) will redirect
to index.html (our application resource) by passing the token in the URI using
the window.location.href of JS
3. The window.location.href will make the browser call
index.html & we will capture the token to validate it

I want to know whether the above-mentioned process is the best practice?

If not, can someone suggest the best practice for redirection & acquiring
the token?
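
The authorization code flow recommended in the reply above, sketched in Python as an added example that is not part of the original thread or UAA's own code. The host names, client id, secret and redirect URI are assumed placeholders, and the token request is built but not sent so the block runs offline.

```python
import base64
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed values for illustration; use your own UAA host and client registration.
UAA_BASE = "https://uaa.example.com"
CLIENT_ID = "my-web-app"
CLIENT_SECRET = "placeholder-secret"
REDIRECT_URI = "https://app.example.com/callback"  # must match the registered URI


def build_authorize_url(session):
    """Step 1: redirect the browser to UAA; the app never handles the password."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state  # bound to this browser session (CSRF defence)
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "state": state})
    return f"{UAA_BASE}/oauth/authorize?{query}"


def handle_callback(callback_url, session):
    """Step 2: validate the redirect back from UAA and return the one-time code."""
    params = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: a replay finds nothing
    received = params.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: reject the callback")
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]


def build_token_request(code):
    """Step 3: server-side POST to /oauth/token (returned here, not sent)."""
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": REDIRECT_URI})
    return f"{UAA_BASE}/oauth/token", headers, body
```

With this flow the client secret and the token exchange stay on the application server, and only a short-lived authorization code travels through the browser's address bar.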
