In this post I layout the lab setup for the exercises mentioned in my article "How grant-types keep your application secure?". The lab exercises are for examining the influence of configuration parameter grant-type. You may use this as a setup for further exploration. I would be curious to know what you explored. Please share your own experiments in the comments.
Build and deploy the application with commands shown below:
> npx mbt build -t .
INFO the MTA archive generated at: cf-application_1.0.0.mtar
INFO cleaning temporary files...
> cf deploy cf-application_1.0.0.mtar -f --no-start
This creates 2 XSUAA service instances. These stand for 2 applications in SAP BTP, Cloud Foundry environment.
cf-application-uaa is the XSUAA service instance bound to Business Logic Application
cf-approuter-uaa is the XSUAA service instance bound to Application Router.
Typically when deploying a standalone Application Router and a Business Logic Application, they bind to the same XSUAA service instance. In this exercise the Application Router is considered to bind to an independent XSUAA service instance. This is to illustrate the scenario using managed Application Router or another independently developed application.
We need to create keys for these and copy credentials to a file for the tool we use (httpyac) in the exercises.