grant-type
. You may use this as a setup for further exploration. I would be curious to know what you explored. Please share your own experiments in the comments.
> npm init -y
> npm install -D open jwt-decode
> npm install -g httpyac
# get the api url for your SAP BTP, Cloud Foundry environment
> cf api <SAP BTP, Cloud Foundry API Endpoint>
# Login using SSO (or skip -sso to use password)
> cf login --sso
> btp login --sso
...
...
OK
...
> npx mbt build -t .
...
INFO the MTA archive generated at: cf-application_1.0.0.mtar
INFO cleaning temporary files...
> cf deploy cf-application_1.0.0.mtar -f --no-start
...
Process finished.
...
> cf create-service-key cf-application-uaa key1
..
> cf service-key cf-application-uaa key1
..{
"apiurl": "https://api.authentication.us10.hana.ondemand.com",
"clientid": "sb-cf-approuter!t53187",
"clientsecret": "045c6fe0-4df2-4ff7-BwhlOAVUxlXCqDvUHYW4lSKJyhNLjfXjpTuo=",
"credential-type": "binding-secret",
"identityzone": "provider-2022",
"identityzoneid": "3caxxxxe-4c10-488e-xxxx-2877xxxxf6a6",
"sburl": "https://internal-xsuaa.authentication.us10.hana.ondemand.com",
"subaccountid": "33caxxxxe-4c10-488e-xxxx-2877xxxxf6a6",
"tenantid": "3caxxxxe-4c10-488e-xxxx-2877xxxxf6a6",
"tenantmode": "shared",
"uaadomain": "authentication.us10.hana.ondemand.com",
"url": "https://provider-2022.authentication.us10.hana.ondemand.com",
"verificationkey": "-----BEGIN PUBLIC KEY-----....----END PUBLIC KEY-----",
"xsappname": "cf-approuter!t53187",
"zoneid": "3ca405fe-4c10-488e-a634-2877bdebf6a6"
}
# file: .env (holds the OAuth client secrets copied from the service keys; keep it out of version control)
blApp_xsappname=cf-application!t53187
blApp_clientId=sb-cf-application!t53187
blApp_clientSecret=045c6fe0-4df2-4ff7-BwhlOAVUxlXCqDvUHYW4lSKJyhNLjfXjpTuo=
blApp_url=https://xxx.authentication.xxNN.hana.ondemand.com
blApp_tokenEndpoint={{blApp_url}}/oauth/token
blApp_authorizationEndpoint={{blApp_url}}/oauth/authorize
blApp_scope=" "
#in Powershell
> $subaccount="3caxxxxe-4c10-488e-xxxx-2877xxxxf6a6"
#in bash
> subaccount="3caxxxxe-4c10-488e-xxxx-2877xxxxf6a6"
> cf create-service-key cf-approuter-uaa key1
..
> cf service-key cf-approuter-uaa key1
..
approuter_xsappname=cf-approuter!t53187
approuter_clientId=sb-cf-approuter!t53187
approuter_clientSecret=4e494f95-428a-4829-9a5d-f958gc6fx1Pg_3Hgi9kB3_RvtGsSKQsrs=
approuter_url=https://provider-2022.authentication.xxNN.hana.ondemand.com
approuter_tokenEndpoint={{approuter_url}}/oauth/token
approuter_authorizationEndpoint={{approuter_url}}/oauth/authorize
approuter_scope=" "
approuter_redirectUri=http://localhost:3030/callback
> btp get security/app cf-application!t53187 --subaccount $subaccount
appid: cf-application!t53187
xsappname: cf-application
planName: application
description: <null>
orgId: f2abe5d1-6906-4087-b088-70a886afc711
spaceId: <null>
userName: <null>
planId: ThGdx5loQ6XhvcdY6dLlEXcTgQD7641pDKXJfzwYGLg=
serviceinstanceid: e42921a1-f21d-4720-b1e4-57afa192cc70
masterAppId: <null>
tenant-mode: shared
scopes:
- description: Change grant type Excercise - Scope 1
name: cf-application!t53187.Excercise_User_Scope_1
- description: Change grant type Excercise - Scope 1
name: cf-application!t53187.Excercise_System_Scope_1
foreign-scope-references:
authorities:
- cf-application!t53187.Excercise_System_Scope_1
attributes:
role-templates:
- name: Excercise_Role_1
description: Change grant type Excercise - Role 1
version: JJBej3UQSHJKD7r+IkSTcsQncvwWwMSroxUvLJFrSSM=
scope-references:
- cf-application!t53187.Excercise_User_Scope_1
attribute-references:
appId: cf-application!t53187
capability-types:
instance-authorization:
oauth2-configuration:
token-validity: 0
refresh-token-validity: 0
autoapprove: true
grant-types:
- client_credentials
system-attributes:
allowedproviders: <null>
redirect-uris:
credential-types:
- binding-secret
- x509
> npx httpyac oauth2 --prefix blApp
eyJh.......
....
> npx httpyac oauth2 --prefix blApp | node decode-jwt.js
{
"jti": "5d0c373fd5954b4abce2fe1317d56bb7",
"ext_attr": {
"enhancer": "XSUAA",
"subaccountid": "3caxxxxe-4c10-488e-xxxx-2877xxxxf6a6",
"zdn": "provider-2022"
},
"sub": "sb-cf-application!t53187",
"authorities": [
"uaa.resource",
"cf-application!t53187.Excercise_System_Scope_1"
],
"scope": [
"uaa.resource",
"cf-application!t53187.Excercise_System_Scope_1"
],
"client_id": "sb-cf-application!t53187",
"cid": "sb-cf-application!t53187",
"azp": "sb-cf-application!t53187",
"grant_type": "client_credentials",
"rev_sig": "cccggg",
"iat": 9999999999,
"exp": 9999999999,
"iss": "https://provider-2022.authentication.us10.hana.ondemand.com/oauth/token",
"zid": "3caxxxxe-4c10-488e-xxxx-2877xxxxf6a6",
"aud": [
"uaa",
"cf-application!t53187",
"sb-cf-application!t53187"
]
}
│ mta.yaml
│ xs-security.json
│ .env
│ decode-jwt.js
│
└───srv/
package.json
mta.yaml
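---
# MTA descriptor for the grant-type exercise. It creates two XSUAA service
# instances (one per OAuth client) and a placeholder app bound to the first.
# Nesting restored: the listing had lost the indentation that YAML needs to
# express structure.
_schema-version: '3.1'
ID: cf-application
version: 1.0.0
modules:
  - name: cf-application-srv
    type: nodejs
    path: srv
    parameters:
      buildpack: nodejs_buildpack
      command: npx http-server
      instances: 0 # do not start the app; it is never run in this exercise
      memory: 16M
      disk-quota: 50M
      no-route: true # no route is mapped to the app
    build-parameters:
      builder: custom
      commands: []
      include: ["package.json"]
    requires:
      - name: cf-application-uaa
resources:
  # this represents a Business Logic Application
  - name: cf-application-uaa
    type: org.cloudfoundry.managed-service
    parameters:
      service: xsuaa
      service-plan: application
      path: ./xs-security.json
      config:
        xsappname: cf-application
        oauth2-configuration:
          # Credential kinds a service key or binding may use for this client.
          credential-types:
            - binding-secret
            - x509
          system-attributes: []
          # The only grant type this client is allowed to use; it matches the
          # grant-types list in the `btp get security/app` output on the page.
          grant-types:
            - client_credentials
  # this represents a managed Application Router
  - name: cf-approuter-uaa
    type: org.cloudfoundry.managed-service
    parameters:
      service: xsuaa
      service-plan: application
      config:
        xsappname: cf-approuter
        role-templates:
          - name: Token_Exchange
            description: for User Token exchange
            scope-references:
              - uaa.user
        oauth2-configuration:
          credential-types:
            - binding-secret
            - x509
          system-attributes: []
          # NOTE(review): presumably skips the user consent prompt for the
          # requested scopes; confirm against the XSUAA documentation.
          autoapprove: true
          # User-facing client: tokens are obtained via the authorization code flow.
          grant-types:
            - authorization_code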
srv/package.json
{
"name": "cf-application-srv",
"version": "1.0.0",
"description": "Change grant-types Exercise - Server",
"keywords": [
"xsuaa",
"cf"
],
"license": "ISC",
"dependencies": {
"http-server": "^14.1.1"
}
}
xs-security.json
{
"scopes": [
{
"name": "$XSAPPNAME.Excercise_User_Scope_1",
"description": "Change grant type Excercise - Scope 1"
},
{
"name": "$XSAPPNAME.Excercise_System_Scope_1",
"description": "Change grant type Excercise - Scope 1"
}
],
"authorities": ["$XSAPPNAME.Excercise_System_Scope_1"],
"role-templates": [
{
"name": "Excercise_Role_1",
"description": "Change grant type Excercise - Role 1",
"scope-references": [
"$XSAPPNAME.Excercise_User_Scope_1"
]
}
],
"role-collections": [
{
"name": "Excercise_Role_Collection_1",
"description": "Change grant type Excercise - Role Collection 1",
"role-template-references": [
"$XSAPPNAME.Excercise_Role_1"
]
}
]
}
.env
## Begin .env
## cf-application-uaa key1
blApp_xsappname=cf-application!tnnnn
blApp_clientId=sb-cf-application!tnnnn
blApp_clientSecret=
blApp_url=https://xxx.authentication.xxNN.hana.ondemand.com
blApp_tokenEndpoint={{blApp_url}}/oauth/token
blApp_authorizationEndpoint={{blApp_url}}/oauth/authorize
blApp_scope=" "
## cf-approuter-uaa key1
approuter_xsappname=cf-approuter!tnnnnn
approuter_clientId=sb-cf-approuter!tnnnn
approuter_clientSecret=
approuter_url=https://xxx.authentication.xxNN.hana.ondemand.com
approuter_tokenEndpoint={{approuter_url}}/oauth/token
approuter_authorizationEndpoint={{approuter_url}}/oauth/authorize
approuter_scope=" "
approuter_redirectUri=http://localhost:3030/callback
## End
decode-jwt.js
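// decode-jwt.js: read a JWT from stdin and print its decoded payload.
// Usage, as shown on the page:
//   npx httpyac oauth2 --prefix blApp | node decode-jwt.js
//
// NOTE: jwt-decode only base64url-decodes the token. It does not verify the
// signature, issuer, audience or expiry, so the printed claims are for
// inspection only and must never drive an authorization decision. The raw
// token is a bearer credential; keep it out of shared logs.
process.stdin.setEncoding("utf8");

const chunks = [];
process.stdin.on("readable", () => {
  let chunk;
  while ((chunk = process.stdin.read()) !== null) {
    chunks.push(chunk);
  }
});

process.stdin.on("end", () => {
  // Piped command output typically ends with a newline; strip surrounding
  // whitespace so only the token itself reaches the decoder.
  const token = chunks.join("").trim();
  if (token === "") {
    console.error("decode-jwt: no token received on stdin");
    process.exitCode = 1;
    return;
  }

  // jwt-decode 3.x returns the decoder function itself from require();
  // 4.x exposes it as the named member `jwtDecode`. The page installs the
  // package without pinning a version, so accept both shapes.
  const jwtDecodeModule = require("jwt-decode");
  const decode =
    typeof jwtDecodeModule === "function"
      ? jwtDecodeModule
      : jwtDecodeModule.jwtDecode;

  console.log(decode(token));
});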