UAAC CLI not validating scopes #64
Comments
|
We have created an issue in Pivotal Tracker to manage this: https://www.pivotaltracker.com/story/show/159348412 The labels on this github issue will be updated when the story is started. |
|
Perhaps give the new |
|
@drnic I just compiled, but it seems I am getting "You must have a token in your context to perform this command". Any idea on how to log in, if I want to use default admin client account?. |
|
|
@drnic Thanks. |
|
Scopes can be anything. The resource servers can decide to use scopes Sorry for the 5 year delay btw. |
Recently we went through small typo that delayed some of our troubleshooting efforts. Below is the same code we are trying to create a client(The actual scope and authorities are spelled wrong in the code). Surprisingly, uaac never complained, but the authentication for this client keeps failing. After going through many hops, we have identified that the uaac command line is not checking scopes, we saw that its validating grant types, but not --authorities and --scope. Any specific reason that this syntax not validating? or something I am missing to interpret?.
Command With Typo:-
uaac client add testclient --name testclient --scope cloudcontroller.read --authorities cloudcontroller.admin --authorized_grant_types "authorization_code,refresh_token" --access_token_validity 3600 --refresh_token_validity 3600 --secret XXXXXX --redirect_uri https://concourse.domain.com/auth/uaa/callback --autoapprove trueActual command:-
uaac client add testclient --name testclient --scope cloud_controller.read --authorities cloud_controller.admin --authorized_grant_types "authorization_code,refresh_token" --access_token_validity 3600 --refresh_token_validity 3600 --secret XXXXXX --redirect_uri https://concourse.domain.com/auth/uaa/callback --autoapprove trueThe text was updated successfully, but these errors were encountered: