Yes that was a very handy example and I had used that to model what I have now. (I actually have a pull request open on that to fix the build :) )However the login form is served by the auth server. I wanted to avoid having to leave my app and be redirected to the auth server. I was thinking the ui application could provide the login page and simply post to /login on the auth server (no gets to /login on auth server). I currently go only through the api gateway layer however when I post to /uaa/login on the api gateway when it passes through I get a CORS issue.