CAP authentication

edb94
Explorer
0 Kudos

Hello all,

I've tried developing a CAP Node.js application and deployed it to CF. But once I try to access my srv from outside (for example Postman) or with my ADFS user, it gives me a 401 error.

How do I have to authenticate in order to not get a 401 error? If I do a POST to the authentication URL, I get a 200 but no token, just HTML, and I don't really know how to retrieve my token.

Could you help me, please?

Best regards.

Accepted Solutions (1)


Dinu
Contributor

Assuming you have bound your application to XSUAA, the token URL for XSUAA (OAuth 2.0 service in CF) is <THE URL OBTAINED FROM THE BINDING OBJECT "URL" FIELD>/oauth/token

See: BTP Documentation | Getting an Application Access Token and XSUAA Documentation | Retrieve Credentials for Remote Applications

Follow Capire | Using XSUAA-Based Authentication for adding XSUAA to your application.

edb94
Explorer
0 Kudos
Hello Dinu, it works for me! I was wondering how to retrieve the Bearer token and now I'm able to consume services deployed on CF. Thank you very much!

Answers (2)


Erkan
Explorer

In most cases, all applications deployed to SAP BTP are behind authorization. By default, public access is restricted. There are some workarounds if you really want to do it without authorization.

Anyway, could you specify the Postman method? Are you trying to reach the local one or the deployed version of the service/application router? If it is local, I think you can try to use a .http file to test your requests. You can set authorization with {{me}} Example

If you are trying to reach a deployed app/service on SAP BTP, you will need to create a service key and authenticate by using OAuth 2.0. After creating the service key in the SAP BTP cockpit, you can read this documentation and get your Bearer token: https://learning.postman.com/docs/sending-requests/authorization/oauth-20/

edb94
Explorer
0 Kudos
Hello Erkan! Thank you for the reply! I wasn't able to consume the service because I was missing the OAuth token URL to get the token. Now that I've created a service key, I'm correctly getting the token and it's working. Thank you very much!
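
The token retrieval described in the two answers above, as an added example that is not part of any poster's reply or SAP's own code: it builds the POST to `<url>/oauth/token` from service-key credentials and rejects the 200-with-HTML reply the question describes. The client-credentials grant, the `clientid`/`clientsecret` field names, the sample values and the function names are assumptions.

```javascript
// Constructed sample credentials, shaped like an XSUAA service key (not real values).
const sampleKey = {
  url: 'https://example-subdomain.authentication.example.com/',
  clientid: 'sb-example!t1',
  clientsecret: 'constructed-secret',
};

// Build the POST for <url>/oauth/token (client-credentials grant, assumed here).
function buildTokenRequest(key) {
  const base = new URL(key.url);
  // Client secret travels in the Authorization header, so refuse plain http.
  if (base.protocol !== 'https:') throw new Error('token URL must use https');
  const basic = Buffer.from(`${key.clientid}:${key.clientsecret}`).toString('base64');
  return {
    url: base.href.replace(/\/+$/, '') + '/oauth/token',
    method: 'POST',
    headers: {
      Authorization: `Basic ${basic}`,
      'Content-Type': 'application/x-www-form-urlencoded',
      Accept: 'application/json',
    },
    body: new URLSearchParams({ grant_type: 'client_credentials' }).toString(),
  };
}

// Turn the token endpoint's reply into an Authorization header value.
// A 200 carrying HTML (a login page) is rejected instead of counted as success.
function bearerFromResponse(status, contentType, text) {
  if (status !== 200) throw new Error(`token endpoint returned ${status}`);
  if (!/^application\/json/i.test(contentType || '')) {
    throw new Error('non-JSON reply: this is a login page, not the token endpoint');
  }
  const json = JSON.parse(text);
  if (!json.access_token) throw new Error('no access_token in reply');
  return `Bearer ${json.access_token}`;
}

// Network part (Node 18+ global fetch): get a token, then call the CAP service.
async function callService(key, serviceUrl) {
  const { url, ...init } = buildTokenRequest(key);
  const res = await fetch(url, init);
  const auth = bearerFromResponse(res.status, res.headers.get('content-type'), await res.text());
  return fetch(serviceUrl, { headers: { Authorization: auth } });
}
```
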
rileyrainey
Product and Topic Expert

Technically speaking, CAP typically relies on approuter/xsuaa instances to oversee authentication. That's maybe most common but that's not an absolute. 

Assuming that your CAP application deployment is front-ended by approuter, you should have a look at this post by Marius Obert. I haven't used this in a while, but I expect the mechanism still works. Marius writes up an important caveat on the technique -- it will not work universally -- so read carefully.

edb94
Explorer
0 Kudos
Hello Riley! The content was very enriching and has helped me a lot to better understand CAP authentication and authorization. Thank you very much!!