SAP CAP with Event Mesh - Error: JWT with audience is not issued for clientIds

Animatron56
Participant
0 Kudos

We are currently trying to integrate the event mesh into our SAP CAP application. We followed this tutorial here: https://cap.cloud.sap/docs/guides/messaging/event-mesh Therefore our files look like the following:

event mesh config: 

{
  "options": {
    "management": true,
    "messagingrest": true,
    "messaging": true
  },
  "rules": {
    "topicRules": {
      "publishFilter": ["${namespace}/subaccounts"],
      "subscribeFilter": ["${namespace}/subaccounts"]
    },
    "queueRules": {
      "publishFilter": ["${namespace}/subaccounts"],
      "subscribeFilter": ["${namespace}/subaccounts"]
    }
  },
  "authorities": ["$ACCEPT_GRANTED_AUTHORITIES"],
  "xs-security": {
    "oauth2-configuration": {
      "credential-types": ["binding-secret", "x509"]
    }
  },
  "version": "1.1.0",
  "emname": "our-cool-event-mesh",
  "namespace": "cool/event/mesh"
}

package json: 

{
  ...
  "cds": {
    "requires": {
      "messaging": {
        "[production]": {
          "queue": {
            "name": "$namespace/subaccounts"
          },
          "kind": "enterprise-messaging"
        },
        "[hybrid]": {
          "kind": "enterprise-messaging-shared"
        }
      }
    }
  }
}

However, when we deploy the application, we get the error: 

Error: Jwt token with audience: [ "here the event mesh client id is shown", uaa ] is not issued for these clientIds: [ here our srv application is shown ]

ERR at returnError (/home/vcap/deps/0/node_modules/@sap/xssec/lib/validator.js:308:25)

ERR at /home/vcap/deps/0/node_modules/@sap/xssec/lib/validator.js:392:36

 

We googled a bit about this error and we came across this issue for the SAP cloud sdk: https://github.com/SAP/cloud-sdk-js/issues/3050

In the ticket it says that "it looks like the error is because the jwt is not how the xssec library expects it to be", which the error message also kind of says, since a validator returned this error. However, we are using the latest sap/xssec library (3.6.1) and cannot influence it any further.

We also tried to delete the event mesh and deploy it again, but this also didn't fix the issue.

Is this an issue with the xssec library and I need to open a ticket for SAP or do we have the event mesh falsely configured?  

Thank you very much in advance!

 

Dinu
Contributor
0 Kudos
What is in the rest of the stack trace?
ADR
Participant
0 Kudos
@Animatron56, did you find any solution to this? I am also facing the same issue.

Accepted Solutions (0)

Answers (2)

SebastianSchuck
Active Participant

Open an SAP support ticket. Without going into details, this should be a known issue. AFAIK, there is no fix besides adjusting the lib's implementation, which I do not recommend as a workaround unless you are willing to take the risk of having to maintain your lib's customization moving forwards.

Animatron56
Participant
0 Kudos

Hi @ADR , 

Unfortunately I did not really find a solution. I just removed the following code from the event mesh config, then created an event mesh subscription in my subaccount and deployed very often.

  "xs-security": {
    "oauth2-configuration": {
      "credential-types": ["binding-secret", "x509"]
    }
  },

At some point it went through and I have not had any trouble ever since. But I cannot tell you which bit changed to make it work and I am also unable to reproduce it.

 

ADR
Participant
0 Kudos
@Animatron56, I am able to resolve the issue now with messaging.kind: "enterprise-messaging-shared". With "enterprise-messaging", it was trying to create a webhook instead of AMQP. We are okay for the time being. Thanks for your response.
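
The audience comparison that the error message in this thread reports can be reproduced for inspection with the following added example, which is not code from the thread or from @sap/xssec. It decodes a token's payload without verifying the signature and lists which `aud` entries match the client ids the application validates against; the matching rule is a simplified assumption modelled on the error text, and the client ids, the `cid`/`azp`/`client_id` claim lookup and the sample token are constructed placeholders.

```javascript
// Added example: inspection only, the signature is NOT verified here.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 segments)');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Simplified audience rule (assumption, modelled on the error text):
// a token passes only if one of its audiences equals one of the client ids
// the receiving application validates against.
function explainAudience(token, acceptedClientIds) {
  const payload = decodeJwtPayload(token);
  const audiences = [].concat(payload.aud ?? []); // "aud" may be a string or an array
  const matched = audiences.filter((a) => acceptedClientIds.includes(a));
  return {
    // Claim names assumed for the "issued to" client; null if none is present.
    issuedTo: payload.cid ?? payload.azp ?? payload.client_id ?? null,
    audiences,
    acceptedClientIds,
    matched,
    accepted: matched.length > 0,
  };
}

// Builds a constructed token with a dummy signature, for offline testing.
function makeSampleToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(payload)}.constructed-signature`;
}

const EVENT_MESH_CLIENT = 'sb-constructed-event-mesh-client'; // placeholder id
const SRV_CLIENT = 'sb-constructed-srv-app';                  // placeholder id

// Same shape as the reported error: audience is the event mesh client plus "uaa".
const sample = makeSampleToken({ cid: EVENT_MESH_CLIENT, aud: [EVENT_MESH_CLIENT, 'uaa'] });

// Validated against the srv application's client id only: no audience matches.
console.log(explainAudience(sample, [SRV_CLIENT]));
```

Running it against a token captured from the failing request shows at a glance which service instance the token was issued for and which binding's client id the validator was comparing it with.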