If you are using a Pivotal Platform SSO tile and its service binding, you can create your OAuth2 application and the associated resource configuration without manually configuring the service instance or using the SSO service management app.
In your `manifest.yml`, add the following entries:

```yaml
- name: ${appname}
  ...
  services:
  - sso-service-instance-name
  ...
  env:
    GRANT_TYPE: client_credentials
    SSO_RESOURCES: |
      ${appname}-resource.execute: all actions
    SSO_AUTHORITIES: ${appname}-resource.execute
    SSO_ACCESS_TOKEN_LIFETIME: 86400
    OAUTH2_RESOURCE_ID: ${appname}-resource
    SSO_SERVICE_URL: <oauth2 server endpoint> # Usually UAA endpoint
```
In your `application.yml`, add the following:

```yaml
ssoServiceUrl: ${SSO_SERVICE_URL:<default_oauth2_endpoint_url>}
security:
  oauth2:
    resource:
      jwk:
        key-set-uri: ${ssoServiceUrl}/token_keys
      id: ${OAUTH2_RESOURCE_ID}
    client:
      scope: ${security.oauth2.resource.id}.execute # the scope when configuring SSO on Pivotal Platform (can be comma-separated list)
```
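The `security.oauth2.resource` block above tells Spring to fetch the SSO server's public keys from `key-set-uri`, verify each bearer token's signature against the key named in the token header, and reject tokens whose audience is not `OAUTH2_RESOURCE_ID` or that lack the `<resource id>.execute` scope. The following Go program is an added example, not code from Pivotal, Spring or the original post: it reproduces that check in the standard library so the three failure modes (unknown key, bad signature, wrong audience/scope/expiry) can be seen in isolation. It assumes RS256 tokens, that `aud` and `scope` are JSON arrays as UAA issues them, and uses constructed names (`key-1`, `myapp-resource`); the signing key is generated locally as a stand-in for the SSO server.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"slices"
	"strings"
	"time"
)

// JWTs and JWKs use base64url without padding.
var b64 = base64.RawURLEncoding

// signingKey stands in for the SSO server's RS256 signing key (constructed for this example).
var signingKey, _ = rsa.GenerateKey(rand.Reader, 2048)

// Claims is the part of the access token the resource server enforces (UAA sends aud and scope as arrays).
type Claims struct {
	Aud   []string `json:"aud"`
	Scope []string `json:"scope"`
	Exp   int64    `json:"exp"`
}

// publishJWKS renders the public key as the JSON document a resource server fetches from key-set-uri.
func publishJWKS(kid string, pub *rsa.PublicKey) []byte {
	key := map[string]string{"kty": "RSA", "alg": "RS256", "kid": kid,
		"n": b64.EncodeToString(pub.N.Bytes()), "e": b64.EncodeToString(big.NewInt(int64(pub.E)).Bytes())}
	out, _ := json.Marshal(map[string]any{"keys": []any{key}})
	return out
}

// signToken mints an RS256 JWT, as the SSO server would for a client_credentials grant.
func signToken(kid string, priv *rsa.PrivateKey, c Claims) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	body, _ := json.Marshal(c)
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:]) // cannot fail for a valid key
	return input + "." + b64.EncodeToString(sig)
}

// verifyToken does what the resource-server settings ask Spring to do: select the key by kid from
// the JWKS, check the RS256 signature, then enforce expiry, audience (OAUTH2_RESOURCE_ID) and scope.
func verifyToken(token string, jwks []byte, resourceID, requiredScope string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	hdrJSON, errH := b64.DecodeString(parts[0])
	payload, errP := b64.DecodeString(parts[1])
	sig, errS := b64.DecodeString(parts[2])
	if errH != nil || errP != nil || errS != nil {
		return nil, fmt.Errorf("token segments are not base64url")
	}
	var hdr struct{ Alg, Kid string }
	var ks struct{ Keys []struct{ Kty, Kid, N, E string } } // shape of the /token_keys document
	if json.Unmarshal(hdrJSON, &hdr) != nil || hdr.Alg != "RS256" || json.Unmarshal(jwks, &ks) != nil {
		return nil, fmt.Errorf("unreadable header or key set, or alg is not RS256")
	}
	var pub *rsa.PublicKey // only keys from the configured key set are trusted, never one embedded in the token
	for _, k := range ks.Keys {
		if n, err := b64.DecodeString(k.N); err == nil && k.Kid == hdr.Kid && k.Kty == "RSA" {
			e, _ := b64.DecodeString(k.E)
			pub = &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}
		}
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if pub == nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, fmt.Errorf("unknown kid %q or signature verification failed", hdr.Kid)
	}
	var c Claims
	if err := json.Unmarshal(payload, &c); err != nil {
		return nil, err
	}
	switch {
	case c.Exp <= now.Unix():
		return nil, fmt.Errorf("token expired")
	case !slices.Contains(c.Aud, resourceID):
		return nil, fmt.Errorf("token not issued for resource %q", resourceID)
	case !slices.Contains(c.Scope, requiredScope):
		return nil, fmt.Errorf("missing scope %q", requiredScope)
	}
	return &c, nil
}

func main() {
	claims := Claims{Aud: []string{"myapp-resource"}, Scope: []string{"myapp-resource.execute"}, Exp: time.Now().Add(time.Hour).Unix()}
	_, err := verifyToken(signToken("key-1", signingKey, claims), publishJWKS("key-1", &signingKey.PublicKey), "myapp-resource", "myapp-resource.execute", time.Now())
	fmt.Println("token accepted:", err == nil)
}
```

The audience check is why `OAUTH2_RESOURCE_ID` in the manifest and `security.oauth2.resource.id` in `application.yml` must agree: a token minted for a different resource carries a different `aud` and is rejected even though its signature is valid. The scope check is what `SSO_RESOURCES`/`SSO_AUTHORITIES` buy you on the tile side: a client that was never granted `<resource>.execute` cannot reach the endpoints guarded by that scope.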
For more detailed configuration, please refer to the Pivotal SSO documentation.