Community
Technology Blog Posts by Members
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

SAP CAP JWT Token Flow in code

sandeepmalhotra
Participant
‎2023 Apr 03 11:54 PM
6,244
Objective - To understand when JWT token is generated and passed to the req object in CAP service ( req.headers.authorization)

XSUAA is responsible for Authentication and generating the JWT Token. However, Approuter forwards the JWT Token to the service. Once  the user get authenticated with XSUAA  by App-router. App-Router will pass JWT Token to the ODATA service

Assumption - Audience has basic understanding of SAP BTP , Cloud-Foundry

Following are the basic components used



















 Component Usage
Odata Service To print JWT token
XSUAA Generate JWT Token
Approuter Read the JWT Token and pass it to  ODATA service

 

Github Public Repository Link 

URL https://github.com/Sandeep-Malhotra/cap-test-jwt

 

Following different branches are created to understand the use of XSUAA , Approuter

 





















Branch Name

Purpose


without-uaa

App without XSUAA service


with-uaa

App with XSUAA service but without Approuter


with-approuter

App with XSUAA service and Approuter

Steps

  • Create a directory


mkdir cap-test-jwt


  •  Create the project inside the directory


cds init


  • Create a service in the service folder and its handler too


Only function import is added the service which returns the JWT token as a string



@path: '/test'

service TestService {

    function getJWTToken() returns String

};

 
const cds = require('@sap/cds');

module.exports = async function () {

    this.on("getJWTToken", async (req) => {

        //  As Approuter module and XSUAA service is added

        //  That is why JWT Token is returned after user got authenticated by Approuter from UAA service

        let sToken = "";

        if (req.headers.authorization) {

            sToken = req.headers.authorization;

        }

        return sToken;



    })

}

 

  • Deploy the service to the CF by running the script defined in package.json file


 
npm run deploy​

 

  • Run the Service


/test/getJWTToken()

 

Till now , neither XSUAA service nor App-router is added.  Therefore , req.headers.authorization will be undefined

 

  • Add XSUAA service


cds add xsuaa

 

  • Run the service after deployment ( Refer steps of deployment and running described previously)


 

Till now , no App-router is added but XSUAA service is added .  Again , req.headers.authorization will be undefined

 

  • Add App-router service


cds add approuter

 

  • Run the service with approuter URL after deployment ( Refer steps of deployment and running described previously)


 

Once approuter is added, req.headers.authorization will have the JWT Token .

 

Last but not least , code can run locally by creating the Default-Env.json file .
cf de cap-test-jwt-srv

 

In the App folder also copy the default-env.json but add the destination in order to route the call to local running service at the top most property
  "destinations": [

    {

      "name": "srv-api",

      "url": "http://localhost:4004",

      "forwardAuthToken": true

    }

  ],

 

 
Hope this helps the readers.



Happy Coding !!


Further Reading link