The stated rationale for this project is:
Authenticating with cloud.gov can be challenging when developing an app:
- It can be difficult or impossible to log in as multiple different users to manually test your application's functionality.
- If you're offline or on a spotty internet connection, authenticating with cloud.gov may be challenging.
- Because logging into cloud.gov usually involves 2 factor authentication, logging in can be slow and cumbersome, which can slow down development.
- Registering the client ID, client secret, and callback URL in cloud.gov requires creating new identity providers, and you may want a lighter-weight approach for development.
- Debugging problems with the OAuth2 handshake can be difficult because you don't have much visibility into cloud.gov's internal state.
The fake UAA is intended to solve these problems by making it easy to host your own UAA server on your local system. The simplicity of its implementation and its debugging messages allow developers to easily understand what's going on during the OAuth2 handshake. It also makes it dead simple to log in as multiple different users.
Most of these issues can be addressed by running a real UAA server, especially since Docker makes running UAA pretty easy. As in:
docker run -d --name uaa-uaa -p 8080:8080 \
-e UAA_CONFIG_URL=https://gist.githubusercontent.com/pburkholder/4b96a7539da68f39f4804c4a63572e4a/raw/e4533dc8894e7adafedb6f316c4b16ca86be913c/uaa.yml \
hortonworks/cloudbreak-uaa:3.6.3
The above runs an hsqldb-based UAA server pre-configured to authenticate the my-client-id app. Per the above criteria:
- One can log in as multiple different users, paul or stefan
- One can run this without cloud.gov being available (if you use a local uaa.yml and have already downloaded the docker image)
- One can skip 2-factor auth and just use user/password per your uaa.yml configuration
- One can fully configure uaa.yml to mimic whatever features of cloud.gov auth that one wants
- One can debug by connecting to the container and tailing the log file, e.g.
docker exec uaa-uaa /usr/bin/tail -f /tomcat/logs/uaa.log
We should deprecate this project, remove references to it from cloud.gov, and instead provide guidance for developing with a dockerized UAA. The example-client.js can go into https://github.com/18F/cg-demos for demonstrating the cloud.gov identity provider.