The CloudFoundry User Account and Authentication Server is a multi-tenant identity management service written in Java that functions as both a dedicated OAuth2 provider and a standalone authentication service. It serves as the primary authentication and authorization layer for Cloud Foundry deployments while remaining available for independent use. The service issues OAuth2 tokens for client applications acting on behalf of Cloud Foundry users and can authenticate users with their Cloud Foundry credentials while functioning as an SSO service.
The UAA Server implements a comprehensive set of APIs including standard OAuth2 endpoints for authorization and token issuance, a login_info endpoint for querying required login prompts, a check_token endpoint allowing resource servers to validate access tokens, a token_key endpoint for obtaining verification keys, SCIM user provisioning endpoints, and partial OpenID Connect support for authentication and userinfo operations. The server supports three primary use cases: basic form login through a GET /login endpoint, OAuth2 token grant approval via the standard /oauth/authorize endpoint, and access token acquisition through the /oauth/token endpoint. Authentication can be performed by command line clients submitting credentials directly to the /oauth/authorize endpoint.
The repository is structured as a multi-project Gradle build containing the main uaa WAR project for deployment, a server JAR project implementing the REST API and UI including SCIM support, and a model JAR project shared between client and server components. The application runs as a Spring MVC webapp deployable to Tomcat or other containers, with the option to execute directly via Gradle tasks. Local development uses HSQLDB by default, though the system supports MySQL and PostgreSQL through configurable profiles. The codebase requires Java 25 and can be started with ./gradlew run listening on port 8080 at http://localhost:8080/uaa.
According to GitGenius activity tracking across 271 issues and pull requests, the repository exhibits a median response latency of 63571.5 hours with a mean of 41991.4 hours. The most active labels are accepted with 122 occurrences, unscheduled with 22, and closed due to age with 16. Primary contributors tracked include strehle with 214 events, fhanik with 27 events, and gryffindor-001 with 12 events. The repository shares overlapping contributors with microsoft/vscode, microsoft/typescript, and rust-lang/rust according to GitGenius linking analysis.
Testing infrastructure includes unit tests using HSQLDB by default, integration tests runnable through Docker containers with support for multiple database types, and the ability to run individual test classes or methods through Gradle. The project uses spring-restdocs for API documentation generation with Ruby and Slate for output formatting. The repository includes comprehensive documentation covering LDAP integration, token specifications, Kubernetes deployment, and testing procedures. Development can be performed with JDWP debugging support on port 5005, and the application supports TLS configuration through dedicated boot scripts.