cloudfoundry / uaa-release

Bosh Release for the UAA
Apache License 2.0

Firehose sample client broken because of oauth client validation #65

Closed MatthiasWinzeler closed 7 years ago

MatthiasWinzeler commented 7 years ago

UAA release v36 introduced oauth client validation that checks the following (among other criteria):

redirect-uri is required if authorized-grant-types contains "authorization_code" or "implicit". The redirect uri must be an absolute url and begin with http or https

This breaks the default firehose client from the manual since it has authorization_code but no redirect-uri:

properties:
  ...
  uaa:
  ...
    clients:
    ...
      example-nozzle:
        access-token-validity: 1209600
        authorized-grant-types: authorization_code,client_credentials,refresh_token
        override: true
        secret: example-nozzle
        scope: openid,oauth.approvals,doppler.firehose
        authorities: oauth.login,doppler.firehose

What's the correct way of fixing these kinds of clients (we do have some for our nozzles)?

btw, the doc source is maintained here: https://github.com/cloudfoundry/docs-loggregator/blob/master/nozzle-tutorial.html.md.erb

cf-gitbot commented 7 years ago

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/146780841

The labels on this github issue will be updated when the story is started.

fhanik commented 7 years ago

https://github.com/cloudfoundry/docs-loggregator/issues/30

I would try this:

properties:
  ...
  uaa:
  ...
    clients:
    ...
      example-nozzle:
        access-token-validity: 1209600
        authorized-grant-types: client_credentials
        override: true
        secret: example-nozzle
        authorities: oauth.login,doppler.firehose

tnwang commented 7 years ago

Closing, as it looks like the document was updated to what Filip recommended.
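
A pre-deploy check for the validation rule quoted in the first comment, as an added example that is not part of the thread or of uaa-release's own code. The function names and the sample clients are hypothetical, and treating `redirect-uri` as a comma-separated list is an assumption.

```ruby
require 'yaml'
require 'uri'

# Grant types that the rule quoted in the issue ties to a redirect-uri.
REDIRECT_GRANTS = %w[authorization_code implicit].freeze

# True when uri is an absolute URL whose scheme is http or https.
def absolute_http_url?(uri)
  parsed = URI.parse(uri)
  %w[http https].include?(parsed.scheme) && !parsed.host.to_s.empty?
rescue URI::InvalidURIError
  false
end

# Returns { client_name => [problems] } for clients that break the rule.
def redirect_uri_problems(clients)
  clients.each_with_object({}) do |(name, cfg), out|
    grants = cfg.fetch('authorized-grant-types', '').to_s.split(',').map(&:strip)
    needed = grants & REDIRECT_GRANTS
    next if needed.empty? # e.g. a client_credentials-only nozzle client

    # Assumption: redirect-uri may hold several comma-separated values.
    uris = cfg.fetch('redirect-uri', '').to_s.split(',').map(&:strip).reject(&:empty?)
    problems = []
    problems << "redirect-uri required for #{needed.join(',')}" if uris.empty?
    uris.each { |u| problems << "not an absolute http(s) URL: #{u}" unless absolute_http_url?(u) }
    out[name] = problems unless problems.empty?
  end
end

# Constructed sample: the nozzle client before and after the change suggested
# in the thread, plus two hypothetical web clients.
SAMPLE = YAML.safe_load(<<~YAML)
  clients:
    nozzle-before:
      authorized-grant-types: authorization_code,client_credentials,refresh_token
    nozzle-after:
      authorized-grant-types: client_credentials
    web-relative:
      authorized-grant-types: implicit
      redirect-uri: /callback
    web-ok:
      authorized-grant-types: authorization_code
      redirect-uri: https://app.example.com/callback
YAML

if __FILE__ == $PROGRAM_NAME
  redirect_uri_problems(SAMPLE['clients']).each { |n, p| puts "#{n}: #{p.join('; ')}" }
end
```

Run against the `uaa.clients` hash of a manifest before deploying, it lists clients that the validation described above would reject.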