bosh login in noninteractive mode fails with a 401

[geofffranks]

When I log in using BOSH_CLIENT and BOSH_CLIENT_SECRET set to the username/password of a bosh user, I get 401's from the UAA when trying to run commands like bosh vms.

However, using the same credentials, I'm able to authenticate successfully via an interactive bosh login (with no client/client_secret set). Looking at the UAA logs, in the first case, it is unable to find the user, but in the second case it is happy with it.

This appears to be related to the value of BOSH_CLIENT being a user, rather than a client in the UAA's perspective.

Can the login procedure for non-interactive be updated to match that of the interactive mode, so credentials used in one would work for the other?

[cppforlife]

@geofffranks BOSH_CLIENT/SECRET are used with uaa clients (oauth client credential grant). interactive login uses regular uaa users (oauth password grant). regular uaa user login may include sso type questions send from uaa, so it cannot be done consistently in non-interactive mode, hence non-interactive mode only allows uaa clients.

[geofffranks]

Ah. Didn’t know about the possiblility of extra login prompts. Thanks!