cancel
Showing results for 
Search instead for 
Did you mean: 

ODataModel not getting called when adding authorization header

Mattias
Active Participant
0 Kudos
136

Hello,
--------
Update 2024-06-25
It seems it's working as expected using the "SAP Business Application Studio Toolkit" - extension in VS Code, but not using Business Application Studio directly". Seems like there's a new bug/feature in Business Application Studio.

Maybe @MarcHuber or some other topic expert has some input.
---------

I have a weird problem that suddently appeared. We have an fiori application where we call a OData secured by a JWT Bearer token. We added the token when creating the odata model.

 

 

 

 

                    const oDataModel = new ODataModel({
                        "serviceUrl": "/odata/v2",
                        "headers": {
                            "Authorization": "Bearer " + accessToken.AccessKey
                        }
                    });

 

 

 

 

This has worked for us up until last Monday, when it suddenly stopped working from within Business Application Studio.

In WebDeveloperTools I can see that the response is a 401, that takes much shorter time than expected from the API

Mattias_0-1719228447743.png

I cannot see the call in the Terminal

 

 

 

 

info backend-proxy-middleware /sap/opu/odata/sap/<OtherService>/$metadata?sap-language=EN
info backend-proxy-middleware /sap/opu/odata/sap/<OtherService2>/$metadata?sap-language=EN
info backend-proxy-middleware /sap/opu/odata/sap/<OtherService>/
info backend-proxy-middleware /sap/opu/odata/sap/<OtherService>/$batch
info backend-proxy-middleware /sap/opu/odata/sap/<OtherService>/
info backend-proxy-middleware /sap/opu/odata/sap/<OtherService>/$batch
info backend-proxy-middleware /sap/opu/odata/sap/<OtherService>/
info backend-proxy-middleware /sap/opu/odata/sap/<OtherService>/$batch

 

 

 

 

 

If I however comment out the Authorization header in my call, or even replace the header name with anything else it behaves as expected. I get a popup asking for Basic Auth, and I can see the call in the terminal.

 

 

 

 

info backend-proxy-middleware /sap/opu/odata/sap/<OtherService>/$metadata?sap-language=EN
info backend-proxy-middleware /sap/opu/odata/sap/<OtherService>/$metadata?sap-language=EN
info backend-proxy-middleware /sap/opu/odata/sap/<OtherService>/
info backend-proxy-middleware /sap/opu/odata/sap/<OtherService>/$batch
info backend-proxy-middleware /odata/v2/$metadata         <-------------
info backend-proxy-middleware /sap/opu/odata/sap/<OtherService>/
info backend-proxy-middleware /sap/opu/odata/sap/<OtherService>/$batch

 

 

 

 

 

I don't understand what is happening, but to me it seems like either Chrome or backend-proxy-middleware suddenly filters out calls with an Authorization header.  It seems like it's working on our version deployed on a Gateway Hub, so I tend to think it's the backend-proxy-middleware that does something.

Regards
Mattias

 





View Entire Topic
Mattias
Active Participant
0 Kudos

Thanks to a discussion on GitHub I've narrowed it down a bit more. 

If I use curl I can see that calls directly to the destination and localhost works

curl -I --header "Authorization: Bearer <token>" https://successfactors.dest/odata/v2/$metadata
curl -I --header "Authorization: Bearer <token>" https://localhost:8080/odata/v2/$metadata

However calls to the BAS proxy does not work
curl -I --header "Authorization: Bearer <token>" https://port8080-workspaces-xxxxxxx.eu20.applicationstudio.cloud.sap/odata/v2/$metadata

This calls again gives me 401 and never shows up in backend-proxy-middleware