on 2020 Feb 11 3:05 PM
Hi,
I'm trying to secure a NodeJS / CAPm app to be called by an external REST Client using xsuaa service. OAuth Flows using User Credentials (Like my S-User / Business Users) are working. Like it is described here:
But when I try to get a Bearer Token using Client Credentials Flow, the scopes I need to call my app are missing. I've bound an xsuaa instance to my approuter and node app using the credentials provided for the OAuth call. Only scope uaa.resource is provided and when I request scopes of my app, they are not allowed.
Is there any tutorial on how to do this or do you have any idea what I've done wrong?
Best
Alex
Hi
vitaly.kozyura thanks for the links. I used those links to get familiar with auth & CAP. However, as pointed out above, I was not able to get a bearer token using client credentials.
mariusobert I read your blog post as well and faced the same. I was not able to get a bearer token using technical credentials only and NO business user credentials (in addition).
A colleague of mine pointed out that I have to change the cds-security.json and add the following:
```
"authorities": [
  "$XSAPPNAME.InternalApiUser"
]
```
After that change, using the OAuth Client Credentials created by the cf service key, I'm able to fetch an OAuth Token with the scope of my application. When calling the service with that token, it's forbidden right now but I think I'm on the right path 🙂
Please let me know if you have any comments on that. I'll post an update once I have any news to share.
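Added example (not part of the original posts): a small diagnostic that decodes an access token and reports whether the application scope discussed above is present in its `scope` claim, which is the difference between the token before and after the `authorities` change. The sample tokens, the `myapp!t0000` xsappname and the function names are constructed for illustration; the signature is not verified, so this is for troubleshooting only.

```javascript
// Added example: diagnose which scopes an XSUAA access token carries.
// Decode only: the signature is NOT verified, so never use this for an
// authorization decision (in the app that is the job of @sap/xssec).

function b64urlJson(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

function decodeClaims(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 segments)');
  return b64urlJson(parts[1]);
}

// Assumption: application scopes appear in the token as "<xsappname>.<LocalName>",
// where xsappname is the value from the service binding credentials.
function checkScopes(token, xsappname, requiredLocalScopes) {
  const claims = decodeClaims(token);
  const granted = Array.isArray(claims.scope) ? claims.scope
    : typeof claims.scope === 'string' ? claims.scope.split(' ').filter(Boolean) : [];
  const prefix = xsappname + '.';
  const appScopes = granted.filter(s => s.startsWith(prefix)).map(s => s.slice(prefix.length));
  const missing = requiredLocalScopes.filter(s => !appScopes.includes(s));
  return { grantType: claims.grant_type, granted, appScopes, missing, ok: missing.length === 0 };
}

// Constructed sample tokens (fake signature), for offline use only.
function makeSampleToken(claims) {
  const enc = obj => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'RS256', typ: 'JWT' }), enc(claims), 'constructed'].join('.');
}

const XSAPPNAME = 'myapp!t0000'; // hypothetical xsappname
const BEFORE = makeSampleToken({ grant_type: 'client_credentials', scope: ['uaa.resource'] });
const AFTER = makeSampleToken({ grant_type: 'client_credentials',
  scope: ['uaa.resource', XSAPPNAME + '.InternalApiUser'] });

console.log(checkScopes(BEFORE, XSAPPNAME, ['InternalApiUser'])); // token without the app scope
console.log(checkScopes(AFTER, XSAPPNAME, ['InternalApiUser']));  // token with the app scope
```

With a real token, pass the `xsappname` from the service key and the local scope names the service requires; a non-empty `missing` list means the token itself lacks the scope.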
Hi shoosthuizen,
yes it is working for me now. I added missing dependencies to my package.json:
passport
@sap/xssec
@sap/audit-logging
and again in package.json make sure that the following is provided:
```
"cds": {
  "requires": {
    ...
    "uaa": {
      "kind": "xsuaa",
      "credentials": {}
    }
  }
}
```
I made these changes to my root package.json and to the package.json of the service module.
Hi gregorw
yes I mean cds-security.json according to capire documentation at: https://cap.cloud.sap/docs/guides/authorization#1-roles-and-attributes-are-filled-into-xsuaa-configu...
Best,
Alexander
I wasn't aware that there is already one out there for XSA. I've recently published a blog post about the same topic for Cloud Foundry.
Authentication: https://cap.cloud.sap/docs/node.js/authentication
Authorization: https://cap.cloud.sap/docs/guides/authorization