cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

CAP external rest service - Patch - Possible issue related to headers? (e.g. JWT)

tobias_steckenborn
SAP Champion
SAP Champion

on ‎2023 Feb 02 3:27 PM

1,339

Hi there,

We're currently dealing with an interesting situation, using an external REST service with an OAuth2JWTBearer destination.

In the case of a "service.get" the requests work fine, and a JWT token is sent to the destination service. So for "service.get" e.g. the additional options ("let result = await run(reqOptions, additionalOptions)" - line 234 of remote > Service.js) contain the JWT.

However, in the case of a "service.patch", no JWT token seems to be forwarded. The JWT is not part of the additionalOptions mentioned above. Looking at line 392 of remote > utils > client.js (getJwt) the "headers.authorization" are empty. In case of the patch / UPDATE the headers themself only contain the correlation id. In case of the get / READ the headers include "way more" details.

See below for details.

Are we missing something, or is this a bug?

Best regards,

Tobias

Destination configuration:

{
 "Name": "SomeDestination",
 "Description": "...",
 "Authentication": "OAuth2JWTBearer",
 "ProxyType": "Internet",
 "Type": "HTTP",
 "URL": "someUrl",
 "clientId": "someId",
 "clientSecret": "someSecret",
 "tokenServiceURL": "someUrl"
 },

.cdsrc.json:

"SomeDestination": {
            "kind": "rest",
            "credentials": {
                "[hybrid]": {
                    "destination": "SomeDestination"
                }
            }
}

Pseudo Code:

const service = await cds.connect.to(
 "someDestination",
 )
service.patch(
 `someUrl`,
 body,
 )

Error:

[2023-02-02T14:32:28.214Z] WARN (jwt): WarningJWT: The provided JWT payload does not include a 'user_id' property.
[remote] - Error: Error during request to remote service: 
Failed to load destination.
 at run (.../node_modules/@sap/cds/libx/_runtime/remote/utils/client.js:312:31)
 at processTicksAndRejections (node:internal/process/task_queues:95:5)
 at async RemoteService.<anonymous> (.../node_modules/@sap/cds/libx/_runtime/remote/Service.js:234:20)
 at async next (.../node_modules/@sap/cds/lib/srv/srv-dispatch.js:75:17)
 at async RemoteService.handle (.../node_modules/@sap/cds/lib/srv/srv-dispatch.js:73:10)
 at async ...
 at async ...
 at async Promise.all (index 2) {
 statusCode: 502,
 reason: {
 message: 'Error during request to remote service: \n' +
 "Failed to load destination. Caused by: No user token (JWT) has been provided. This is strictly necessary for 'OAuth2JWTBearer'.",
 request: {
 method: 'PATCH',
 url: '...',
 headers: {
 accept: 'application/json,text/plain',
 'accept-language': 'de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7',
 'content-type': 'application/json',
 'content-length': ...,
 'x-correlation-id': '...'
 }
 },
 correlationId: '...'
 }
}

Version:

@sap/cds: 6.4.1
@sap/cds-compiler: 3.3.2
@sap/cds-dk: 6.3.2
@sap/cds-dk (global): 6.3.2
@sap/cds-foss: 4.0.0
@sap/cds-mtx: -- missing --
@sap/cds-odata-v2-adapter-proxy: 1.9.18
@sap/eslint-plugin-cds: 2.6.0
@sap/xssec: 3.2.17
Node.js: v18.12.1

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
martinstenzig
Contributor
‎2023 Feb 03 5:49 PM
0 Kudos

Tobias, are you running this locally and/or are you getting the same problem in deployed environment?

tobias_steckenborn
SAP Champion
SAP Champion
‎2023 Feb 03 6:14 PM

martin.stenzig3 experiencing it also when deployed. It seems that most of the header information are taken from req.context.headers, which seems to be empty in case of the patch / UPDATE.

Need to dive a bit deeper into it when I find the time as I couldn‘t identify the source of deviation yet.

tobias_steckenborn
SAP Champion
SAP Champion
‎2023 Feb 07 9:00 AM
0 Kudos

For a get / READ when arriving in 

cds > lib > srv > srv-dispatch.js > dispatch > dispatch line number 15

req.context.headers.authorization and this.context.headers.authorization is filled. In this case also req.tx is defined. So it's in a proper transaction for get / READ.

For the patch / UPDATE in the same place req.context.headers is empty. Also req.tx is undefined. It's setting req.tx to this and in this "this" the headers only contain the correlation id:

{
  headers: {
    "x-correlation-id": "1a0aafe1-8d6b-4906-8983-a89daaf28ebb",
  },
  user: {
  },
  _features: undefined,
  _locale: "de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7",
  features: {
  },
  id: "1a0aafe1-8d6b-4906-8983-a89daaf28ebb",
  locale: "de",
  tenant: "bb16fb22-e9d0-4c7b-b335-ea063e88bc02",
  timestamp: "2023-02-07T08:54:46.215Z",
}

It seems to be flaky though. I had situations in the debugger where this was set based on the initial read to the CAP service and contained the proper headers (but just when waiting for quite some time, so probably ran into timeout anyways).

hasanciftci
Explorer
‎2023 Oct 05 11:56 AM
0 Kudos

Hello, we are facing the same issue that req.headers.context.authorization is not filled and additionalOptions JWT does not return. Did you have a chance to find a solution for this issue?

Accepted Solutions (0)

Answers (0)

Ask a Question