cancel
Showing results for 
Search instead for 
Did you mean: 

AppGyver BTP Authentication, CSRF token error with Create record

aoyang
Contributor
2,565

Hi SAP AppGyver team,

My Appgyver app is using BTP authentication to fetch OData(user info) from backend BTP ABAP Environment. The destination setup is done correctly in the BTP and the app is succesfully fetching the user info and displaying it as list.

Now, I've added user creation page and when the app calls "Create record" flow function for the OData, it returns "CSRF token validation failed" in the browser.

My OData accepts POST method to update the backend data source and I've tested it in the BTP ABAP environment, so it shouldn't be the problem of OData itself.

So is there a missing setting on my end in AppGyver or BTP destination?

Below are the screenshots for reference.

"Create record" and C_USER is the OData connected by BTP authentication. Data to be created are passed in "Record" property.

When I preview the app in web and push the button to trigger "Create record", it returns 403 POST error. In the response header, "x-csrf-token" is set to "Required". I think the correct way is for AppGyver to call HEAD or GET method of the ODATA and fetch the csrf-token and then finally call the POST method to perform the "Create record". I have feeling that AppGyver is not feetching csrf-token before hand..

The returned response is "CSRF token validation failed".

Thanks in advance!

Accepted Solutions (1)

Accepted Solutions (1)

kleventcov
Product and Topic Expert
Product and Topic Expert

Hi,

The 'Create record,' or POST request function is not yet natively supported for the BTP Destinations. It is possible to do this using a custom JavaScript flow function, but this workaround is fairly complicated, and we would highly advise against using it (especially since there are no known LIVE examples). We have the implementation in the development pipeline.

In case you are curious about the workaround. To make it work, you will need to create a GET request flow function via the custom JavaScript and store the CSRF Token in a variable. Then make a POST request flow function via JavaScript that sends the data with the token. As you can see the workaround involves writing JS code and is not suitable for Low-Code/No-Code solutions. Furthermore, creating workarounds with JS falls out of our support.

All in all, it would be best to wait for the official implementation.

Best regards,
Kirill

aoyang
Contributor
0 Kudos

Thanks for the answer. When is this official implementation planned? I don't think I see it in the road map.

https://roadmaps.sap.com/board?range=FIRST-LAST&PRODUCT=73554900100800003801#Q3%202022

kleventcov
Product and Topic Expert
Product and Topic Expert

The following implementation will most likely be released in the next large update during Q3. Unfortunately, I am unable to give any other details on the ETA.

quentinvillers
Explorer
0 Kudos

Hello Kirill, do you have a date for this Q3 release ? Many thanks!

kleventcov
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi, as mentioned in my previous comment, I am unable to give an exact date.

ratnarajesh_de
Explorer
0 Kudos

Do we have an update for the Post method using Appgyer

Answers (1)

Answers (1)

MarcHuber
Product and Topic Expert
Product and Topic Expert

Hi, yes it was implemented in Q3/2022. You can now create records without any workaround

aoyang
Contributor
0 Kudos

Thank you, it's working very well on the AppGyver Classic.

Ben_Samuel
Explorer
0 Kudos
hi Marc , can you share wht the solution is? i tried to get x-csrf-token using the http Request but doesntot work.
Ben_Samuel
Explorer
0 Kudos
Hi Marc. I try to post to C4C Ticket create got the x-crsf-token after the Http request with 'fetch' of the token, but i also need 'Set-cookie' value, which is not part of the header response, can you helpw?