XSUAA BTP Service Implementation for Custom Python APP

Ace_D — Mon, 20 Jan 2025 16:19:44 GMT

Introduction

In the realm of SAP Business Technology Platform (BTP), XSUAA (Extended Services for User Authentication and Authorization) plays a crucial role in managing secure access to applications. Integrating XSUAA with a custom Python Flask app can significantly enhance the security by leveraging OAuth2 and JWT tokens for authentication and authorization. This blog post will guide you through the process of setting up and integrating XSUAA with a Python Flask application.

Pre-requisites

Before diving into the implementation, ensure you have the following:

SAP BTP Account: Access to an SAP BTP account with necessary entitlements.
Python: Installed on your local machine (preferably Python 3.6+). or we can use BAS as well

Step 1: Configuring XSUAA
Set Up XSUAA Service in SAP BTP:

Subscribe the service and generate the service key which will be used later for connecting to this service

Service key looks like this.

It consists of client secret id and password.

Once this steps are done we can proceed with python implementation

lets create a flask based Flask python application which is hosted on cloud foundry of BTP

To host a python file over the BTP we need below files mandatory.

1. Main Python file(logic)

2. Requirements.txt file

3. Manifest.yml file

4. Runtime.txt file

File structure will look like this

Lets quickly create all this file for a basic implementation.

One point to Note here: To test XSUAA Service we need to push file to the CF, we cannot test it locally.

So we will create 3 end points with flask in python

Herer we are importing all the libraries that are needed for this implementation.

name will be the XSUAA BTP service name.

Since this doesn't works in local environment we will push this to CF after all routes are done.

APPEnv is the cloud foundry environment once app is deployed over CF so from the env we are using the XSUAA service that we created in the previous section.

1. To generate the Token

This end point will help to get a Auth token

2. Validate the Generated Token

This end point help us to validate any token coming from external source

3. How to make public url private with this bearer generated token.

This is main Logic end point. generally for development we don't create end points to generate and validate.

Just for testing we have created here.

As you can see if i dont keep a validation over the /testroute it will be a public url but now i have defined a method to check validity of the token. So it will first validate than only my actual logic will give result.

Overall Python code looks like

once main logic is done we will create 3 other required files.

Manifest.yml

Manifest file contains all the necessary information needed for the deployment of the python app.

name : The name of the python application

Memory and disk quotes: This are the space your application going to occupy over the CF

Command: The main file which is gonna execute once your app is deployed.

services: Here we gonna link the XSUAA service name which is there on the BTP

Requirements.txt

List of all the libraries needed for the application.

Runtime.txt

This consists of the runtime python environment version which is going to be used by CF.

Once all this files are setup. You can push them to the CF.

For this I am using BAS. SO i just need to login into my CF and go to the root folder of the python app.

Once I am in the root folder i can just deploy by using CF Push command in the command terminal.

Once the app is deployed successfully you will get the complete URL in the command terminal or else also you can get from the BTP as well.

You will get the above logs once python app is successfully deployed.

Now lets head to chrome to do some basic testing.

The app is working as expected.

Now you can use this token and send it to the /validate root or /testroute to test with postman.

Just use with bearer auth the generated token and call your python routes.

Hence we successfully converted public Api calls to private with BTP XSUAA service.

Re: XSUAA BTP Service Implementation for Custom Python APP

Ace_D — Thu, 23 Jan 2025 07:56:05 GMT

Just a minor correction in the blog since we are binding the application with the service we don't need to generate service key as mentioned above. Application bounded will use the credentials from the service. External services need the service key generation.

Re: XSUAA BTP Service Implementation for Custom Python APP

pianistprogrammer — Fri, 14 Feb 2025 11:15:13 GMT

What are the other services you have in the manifest file, i can see that it is blocked for viewing?

Re: XSUAA BTP Service Implementation for Custom Python APP

SuperMario94 — Mon, 24 Feb 2025 14:16:29 GMT

Hey 🙂
Thanks for this tutorial. How to get your hands on other attributes expect the Email and Name for Example the Phone Number, Language or the custom attributes? How can i query them in the code?

topic Re: XSUAA BTP Service Implementation for Custom Python APP in Application Development and Automation Discussions

XSUAA BTP Service Implementation for Custom Python APP

Re: XSUAA BTP Service Implementation for Custom Python APP

Re: XSUAA BTP Service Implementation for Custom Python APP

Re: XSUAA BTP Service Implementation for Custom Python APP