Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Problem with triggering SAP BTP Workflow from SAPUI5 application

wskaw
Explorer

on ‎2022 Aug 22 1:24 PM

2,543

Hello,

I want to trigger Workflow from application by using bpmworkflowruntime destination defined on BTP.

I configured xs-app.json in application folder.

And here is my mta.yaml file.

In controller in function that handles the click of the button I wrote this code.

Here is my destination.

The error is 403 so it seems that it calls right destination but authorization is missing.

I was working with this tutorial: https://blogs.sap.com/2020/08/27/starting-workflow-from-custom-fiori-application-in-cloud-foundry/

I also tried to call bpmworkflowruntime/v1/xsrf-token but there was 404 error.

From my understanding if I am logged in using xsuaa on SAPUI5 it should automatically authorize the destination usage.

Can someone confirm if all my configurations are correct what should I do to get it working?

Thank you.

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (0)

Answers (2)

Answers (2)

tobias_breyer
Product and Topic Expert
Product and Topic Expert
‎2022 Aug 23 8:54 AM
0 Likes

Hi Wiktor,

if you use the "api.workflow-sap" domain in Postman and e. g. get your token with a respective OAuth flow yourself, then the issue likely relates to the App router, if it works in Postman.

I suggest you log the data in the "error" function (or check the response body in the browser network tab). If you get the error message I mentioned (User does not have sufficient privileges), then you actually reach the workflow. Likely that isn't the case.

If you receive another response body (perhaps a plain "Forbidden"), then it is the app router that "blocks" you. Also check the response headers then. It might be the case that the X-CSRF-Token header has the value "Required" indicating that you do not provide a CSRF token, but the call requires one (default value of csrfProtection setting in the routes is "true"). In fact, your code above does not specify one.

As you say, you receive a 404 from the "bpmworkflowruntime/v1/xsrf-token" end-point. Perhaps this is because you are missing the "rest" middle path (see bpmworkflowruntime/rest/v1/workflow-instances which you use in the other case).

Overall, I suppose you need:

- to retrieve the XSRF token from the correct URL from bpmworkflowruntime/rest/v1/xsrf-token using header "X-CSRF-Token" header with value "Fetch"

- to provide the returned token value in the X-CSRF-Token header of the POST call to bpmworkflowruntime/rest/v1/workflow-instances

Here are a few helpful links into the Guided Answers of workflow:

Authorization issues on Cloud Foundry

CSRF Token Handling on Cloud Foundry

Additionally, knowing how to access the log of the app router helps in these cases:

Issues integrating workflow capability with Launchpad service (managed app router)

Getting logs of standalone Application Router in the Cloud Foundry environment

Regards,

Tobias

Show replies
Show replies
tobias_breyer
Product and Topic Expert
Product and Topic Expert
‎2022 Aug 22 4:05 PM
0 Likes

Hi,

have you checked the calling user has suitable permissions?

See API docs: https://api.sap.com/api/SAP_CP_Workflow_CF/resource

POST workflow-instances, 403 => "User does not have sufficient privileges."

Roles permitted to execute this operation:

  • Global roles: WorkflowInitiator
  • Scope: WORKFLOW_INSTANCE_START
So you should validate that the user has WorkflowInitiator role.

Regards,

Tobias

Show replies
Show replies
wskaw
Explorer
‎2022 Aug 22 7:50 PM
0 Likes

Hi,

thank you for your answer.

I have tried calling the same API from postman and it works fine, so I think that is not a problem.

Best regards,

Wiktor

Ask a Question