> The bearer token generated by UAA is a self validating JWT token which can be to checked for the issuer, signature, expiry, scope etc. To validate JWT, we are using HMAC Algorithm and a secret,

Pretty much the same here. Haven’t heard back from Eric as well – he tried to reproduce that error some time ago. @Eric: Any news on that? My Inbox is going crazy on the amount of mails per day

Dear Customer, Your parcel has arrived at September 28. Courier was unable to deliver the parcel to you. Shipment Label is attached to this email. Yours trully, Gordon Stafford, FedEx Delivery

Exactly. We're already using the jsonwebtoken [1] library for the handling of JWT tokens. The work we've been discussing here is more about integrating that token validation and the authorization

Amit - I worry about changes to the former in the context of HTTP 1.0 and 1.1, especially without pipelining. What problem are you trying to solve? If you’re having trouble initiating new sockets,

I wouldn't recommend writing this library by hand when there are plenty of libraries to pick from. Take a look at "Client libraries" at http://oauth.net/2/ and there are plenty

After suddenly realizing I still haven't seen an e-mail to cf-bosh, I have given up. I've switched all my subscriptions over to Regular, no digests. -- Marco Nicosia Product Manager Pivotal

+1 to that, that's what we're implementing, i.e. not bombarding UAA with token validation call traffic each time we get usage posted to Abacus :) Thanks! -- Jean-Sebastien Sent from my DynaTAC

Unless I missed something in my reading of section 3-1 of RFC 6350, I don't see where it suggests that we'd need to validate all required parameters of the request *before* authenticating. The spec

Hi, The access token that you are passing in the header serves as both a proof of authentication & authorization(scopes allowed) The validation of the request includes checking for the presence of

How you interpret service data is entirely up to your application. CF just provides that information for you via VCAP_SERVICES. If you use a library to help read service information, which is common

I am working on implementing (see Github commit at [1] for more details) an Express middleware to authenticate incoming requests using OAuth bearer access token. We want to make sure our

We don't see this degradation on any of our environments. We typically deploy at least every two weeks, so it's possible none of our environments are up long enough to exhibit this behavior. Do you

It was a user-provided service instance. Yes, thanks, I was able to figure out that i didn't do a manual URL encoding and this seems to be working, Thanks, I have a question now, does this mean the

Hi Ben, Following up on our discussion of some of the data structures we can use to represent our various time windows: (some background in Github #33 [1] and I've copied the latest Github comment

Hey Piotr, We're currently registering our sample resource configs in lib/config/resource/src/index.js [1]. To register yours you can just add one line like this: '<your resource_id>':

The "instances" attribute from the api will give the current number of instances that should be running. If a user has recently changed this via the API, the actual number of running instances may be

Hi, I would like to add a new resource, similar to linux-container. What is a correct way to register that resource ? The resource files are located

Actually I made a mistake here. The gem you may to use as a API wrapper for Ruby is called cfoundry [1]. While it may not have support for the latest versions of CF, I was able to use it in may

Hey, Sir Zooba. Sorry for the late response. You can find the description of Cloud Controller API here [1]. You can make requests to your Cloud Controller through Gorouter component adding “api.”