Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
Showing results for 
Search instead for 
Did you mean: 
Product and Topic Expert
Product and Topic Expert

If you already know about cloud SDK or nestjs, you can jump directly to code section.

Why Cloud SDK JavaScript?

The SAP Cloud SDK supports you end-to-end when developing applications that communicate with SAP solutions and services such as SAP S/4HANA Cloud, SAP SuccessFactors, and many others.

Using the SDK, you can reduce your effort when developing an application on SAP Business Technology Platform by building on best practices delivered by the SDK. The SDK provides JavaScript libraries, project templates, and a continuous delivery toolkit.

Under the hood, Cloud SDK uses the Nest.js framework.

What is Nest.js?

With elements of OOP, Functional Programming, Functional Reactive Programming, JavaScript is now letting developers avoid the high learning curve faced in learning JAVA or others, also use one language for frontend and backend boosting dev process. 

PS. I love JavaScript ❤

Nest provides an out-of-the-box application architecture that allows developers and teams to create highly testable, scalable, loosely coupled, and easily maintainable applications. The architecture is heavily inspired by Angular

Talks apart, if you are trying out Cloud SDK/NestJs for learning or development purposes, enabling authentication might sound challenging there as going through the documentation might make you think you need to create a middleware or a guard to handle authentication and authorization.

Here's How to implement authentication and authorization. ??

1.To create a project you can use the command sap-cloud-sdk init <projectName>/ nest init <projectName>.(Click here to see how to Get Started)

2. Open the app.ts and add the following code:
import { NestFactory } from '@nestjs/core';
import { AppModule } from './app.module';

import { getServices } from '@sap/xsenv';
const xsuaa = getServices({ xsuaa: { tag: 'xsuaa' } }).xsuaa;

import * as passport from 'passport';
import { JWTStrategy } from '@sap/xssec';
passport.use(new JWTStrategy(xsuaa));

async function bootstrap() {
const app = await NestFactory.create(AppModule);
app.use(passport.authenticate('JWT', { session: false }));
await app.listen(process.env.PORT || 3000);

This will initialize a passport with JWTStreatgy. You already have enabled authentication at this stage.

learn  about  authentication and authorization with @sap/xssec.

3. To check authorization/check for scopes you can follow the below snippet. open app.controller.ts?
import { Controller, Get, Req, HttpException, HttpStatus } from '@nestjs/common';
import { AppService } from './app.service';
export class AppController {
constructor(private readonly appService: AppService) { }

getHello(@Req() req: any): any {
@Req() lets you access the request headers
const isAuthorized = req.authInfo.checkLocalScope('YourScope');//auth check
if (isAuthorized) {
return req.user;
} else {
return new HttpException('Forbidden', HttpStatus.FORBIDDEN);

We are done with the implementation. Fireworks!!! ??. the @Sap/xssec package saved us from all the efforts needed if we were supposed to create a custom middleware.

1 Comment