-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
UAAC CLI not validating scopes #64
Comments
We have created an issue in Pivotal Tracker to manage this: https://www.pivotaltracker.com/story/show/159348412 The labels on this github issue will be updated when the story is started. |
Perhaps give the new |
@drnic I just compiled, but it seems I am getting "You must have a token in your context to perform this command". Any idea on how to log in, if I want to use default admin client account?. |
|
@drnic Thanks. |
Scopes can be anything. The resource servers can decide to use scopes Sorry for the 5 year delay btw. |
Recently we went through small typo that delayed some of our troubleshooting efforts. Below is the same code we are trying to create a client(The actual scope and authorities are spelled wrong in the code). Surprisingly, uaac never complained, but the authentication for this client keeps failing. After going through many hops, we have identified that the uaac command line is not checking scopes, we saw that its validating grant types, but not --authorities and --scope. Any specific reason that this syntax not validating? or something I am missing to interpret?.
Command With Typo:-
uaac client add testclient --name testclient --scope cloudcontroller.read --authorities cloudcontroller.admin --authorized_grant_types "authorization_code,refresh_token" --access_token_validity 3600 --refresh_token_validity 3600 --secret XXXXXX --redirect_uri https://concourse.domain.com/auth/uaa/callback --autoapprove true
Actual command:-
uaac client add testclient --name testclient --scope cloud_controller.read --authorities cloud_controller.admin --authorized_grant_types "authorization_code,refresh_token" --access_token_validity 3600 --refresh_token_validity 3600 --secret XXXXXX --redirect_uri https://concourse.domain.com/auth/uaa/callback --autoapprove true
The text was updated successfully, but these errors were encountered: