Skip to Content
1
Jul 30 at 08:36 AM

Accessing CF API from an MTA without user/password but client id and secret?

105 Views Last edit Jul 30 at 08:40 AM 4 rev

Hi all,

I am playing around consuming the Cloud Foundry REST API in a CAP application and providing it as OData to an UI5 frontend. But now I am struggling to authenticate against the CF API. Right now I am using the user/password method. My current call is something like this:

https://login.cf.eu10.hana.ondemand.com/oauth/token<br>Content-Type: application/x-www-form-urlencoded;charset=utf-8
Accept: application/json
Authorization: Basic Y2Y6
Body: client_id=cf&client_secret=&grant_type=password&username=${process.env.username}&password=${process.env.password}

That actually works fine and I receive the necessary bearer token. But I don't want to use a specific user and password stored in some variables of the service and instead use some client ID or client secret authentication like mentioned here: https://docs.cloudfoundry.org/api/uaa/version/75.5.0/index.html#client-credentials-grant

I tried with the client id and secret of the CAP service (VCAP_SERVICES.xsuaa) but all I get is a 403: "Given client ID does not match authenticated client".

I also tried a different authentication URL, the one mentioned in the credentials of the environment variables https://yourSubaccount.authentication.eu10.hana.ondemand.com. There I actually receive a bearer token but this doesn't work to access the CF API https://api.cf.eu10.hana.ondemand.com/v3

Does someone have an idea how to access the API with client id and secret? Or is there a way to get the credentials of the currend logged in user in order to use the user/pw method?

Best regards

Andreas