1.8.3 Release Notes

/ids/Users endpoint protected by a scope

Previously, any valid token was allowed access to translate a username to a id or vice versa. It is now protected by the scim.userids scope. Security is further tightened by checking the scope as well limiting filtering possibilities.

Externalize default scopes

Non UAA scopes, were previously defined in the oauth-endpoints.xml. Client scopes can now be configured in the uaa.yml instead of relying on our XML file.

Refactor /Groups/External APIs

Endpoints that are more RESTful have been added for listing, updating and deleting external group mappings.

Stories Completed
Features
Externalize default scopes
Protect /ids/Users by scope
Refactor API