Redirection to another application using UAA : Best Practices required
Rajan vakharia
Cloud Foundry UAA Behaviour:
1. We need to call login.do for authentication.
2. Another call is needed to the token service /oauth/token to get the token.

Requirement:
1. Our application should redirect to the UAA login page in case of an invalid token or no token present.
2. Login.html should always reside in UAA.
3. On successful authentication, UAA should redirect to Index.html (the landing page of our application) with a valid token as the authentication header.

Solution:
There is a Login.html present in the UAA service which is specifically used for login and doesn't return any token. The following modification will be done in order to redirect to our application, passing the token:
1. UAA's Login.html will call the /oauth/token service using AJAX and acquire the token. We are sending (user id, password, client id, credentials and grant type).
2. On receiving the token, Login.html (UAA resource) will redirect to index.html (our application resource) by passing the token in the URI using window.location.href in JS.
3. window.location.href will make the browser call index.html, and we will capture the token to validate it.

I want to know whether the above-mentioned process is the best practice. If not, can someone suggest the best practice for redirection and acquiring the token?
Sree Tummidi
Hi Rajan,
The best practice is to use UAA as the OAuth Authorization Server and enable your application as an OAuth client. You need to register an OAuth client for your app and, as part of the registration, specify the redirect URI.

Since you have a web application, you have two choices in terms of the grant type. You can either use the Authorization Code or Implicit (if you have a Single Page App).

Your application needs to redirect to the OAuth Authorize endpoint. UAA will take care of authenticating and authorizing the user and redirecting to the app with the token.

Please refer to the UAA docs here:
http://docs.cloudfoundry.com/uaa/?http#authorization-code-grant
http://docs.cloudfoundry.com/uaa/?http#authorization-code-grant13
http://docs.cloudfoundry.com/uaa/?http#create90

Thanks,
Sree Tummidi
Staff Product Manager
Identity - Pivotal Cloud Foundry

On Tue, Sep 27, 2016 at 4:23 AM, Rajan vakharia <rajan.vakharia(a)gmail.com> wrote:
Cloud Foundry UAA Behaviour:
Rajan vakharia
Hi Sree,
Thanks for your inputs. We have a couple of questions; can you please try to address them as well?

1. We are using the "password" grant type and wanted more information: do we have any API to authenticate and redirect to the URL?
2. In case we are using the authorization code grant type and have a single client for multiple users: after authentication, do we get the same authorization code for each user or a different one for each user?

Thanks,
Rajan Vakharia
Sree Tummidi
Please see my answers inline
1. We are using the "password" grant type and wanted more information: do we have any API to authenticate and redirect to the URL?

*[Sree]: It's not clear to me why you are using the Password Grant. We handle redirection only for UI-based grant types, which are either Authorization Code or Implicit.*

*Password Grant should be only used with native apps or if you want to be in control of the login experience, in which case there is no redirection because your application will serve a login page and collect the username and password and then hit the token endpoint with username, password, client id and client secret.*

2. In case we are using the authorization code grant type and have a single client for multiple users: after authentication, do we get the same authorization code for each user or a different one for each user?

*[Sree]: The codes and tokens are generated per user*

Thanks,
Sree Tummidi
Staff Product Manager
Identity - Pivotal Cloud Foundry

On Wed, Sep 28, 2016 at 6:57 AM, Rajan vakharia <rajan.vakharia(a)gmail.com> wrote:
Hi Sree,