
@ghillert
Last active November 8, 2018 09:08
Authentication with CF UAA using Spring Security OAuth

Check out, build and run UAA:

$ git clone https://github.com/cloudfoundry/uaa.git
$ cd uaa/
$ ./gradlew run

In a separate window, check if the UAA server is running:

$ curl -v -d"username=marissa&password=koala&client_id=app&grant_type=password" -u "app:appclientsecret" http://localhost:8080/uaa/oauth/token

Install the uaac command line tool and target the UAA server:

$ gem install cf-uaac
$ uaac target http://localhost:8080/uaa

Get a token for the user marissa (password koala) to check the user details:

$ uaac token get marissa koala

Switch to the admin client (the client secret is adminsecret):

$ uaac token client get admin
adminsecret

Get a list of all configured clients:

$ uaac clients

which returns, among others, the client app that we are interested in:

...
app
    scope: cloud_controller.read cloud_controller.write openid password.write scim.userids organizations.acme
    resource_ids: none
    authorized_grant_types: password implicit authorization_code client_credentials refresh_token
    redirect_uri: http://localhost:8080/app/
    autoapprove: openid
    authorities: uaa.resource
    signup_redirect_url: http://localhost:8080/app/
    change_email_redirect_url: http://localhost:8080/app/
    name: The Ultimate Oauth App
    lastmodified: 1493969670092
...

We are going to use that client for SCDF (Spring Cloud Data Flow), but we need to update its redirect_uri. Let's also update the client secret:

$ uaac client update app --redirect_uri http://localhost:9393/login
$ uaac secret set app
blubba

Update the SCDF OAuth configuration:

security:
  oauth2:
    client:
      client-id: app
      client-secret: blubba
      access-token-uri: http://localhost:8080/uaa/oauth/token
      user-authorization-uri: http://localhost:8080/uaa/oauth/authorize
    resource:
      user-info-uri: http://localhost:8080/uaa/userinfo

Open http://localhost:9393 in a browser. The authentication flow will start.
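
Before reusing a preconfigured client such as app outside a local test setup, it helps to review what the `uaac clients` listing says about it. The following is an added example, not part of the original gist or of uaac: the function names `audit_uaa_clients` and `sample_clients` and the `reports` client are constructed for illustration, and the parser assumes the listing layout shown above.

```shell
#!/bin/sh
# Added example (not from the gist): flag risky settings in `uaac clients` output.
# Assumes the layout shown above: unindented client name, indented "key: value"
# lines, list values separated by spaces.
# Live use (assumes an admin token is in context): uaac clients | audit_uaa_clients

audit_uaa_clients() {
  awk '
    # Unindented, non-empty line that is not the "..." elision = client name.
    /^[^ \t]/ && $0 != "..." { client = $1; next }
    # Implicit and password grants are discouraged by the OAuth 2.0 Security BCP (RFC 9700).
    $1 == "authorized_grant_types:" {
      for (i = 2; i <= NF; i++)
        if ($i == "implicit" || $i == "password")
          printf "%s: grant type %s is enabled\n", client, $i
    }
    # Plain-HTTP redirect URIs are only tolerable on loopback (local development).
    $1 == "redirect_uri:" {
      for (i = 2; i <= NF; i++)
        if (index($i, "http://") == 1) {
          split(substr($i, 8), part, "/")
          host = part[1]
          sub(/:.*$/, "", host)
          if (host != "localhost" && host != "127.0.0.1")
            printf "%s: redirect_uri %s uses plain HTTP on a non-loopback host\n", client, $i
        }
    }
  '
}

# Sample input: the app client as listed above, plus a constructed "reports" client.
sample_clients() {
  cat <<'EOF'
...
app
    scope: cloud_controller.read cloud_controller.write openid password.write
    authorized_grant_types: password implicit authorization_code client_credentials refresh_token
    redirect_uri: http://localhost:8080/app/
    autoapprove: openid
reports
    authorized_grant_types: authorization_code refresh_token
    redirect_uri: http://reports.example.com/login
...
EOF
}

sample_clients | audit_uaa_clients
```

For the app client this reports the password and implicit grants; the redirect URI on localhost is not flagged.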
