Showing results for 
Search instead for 
Did you mean: 

XSUAA Protected Service from Mobile Services

Hello all,

I created a CAP based application and deployed it to my Cloud Foundry space.
Everything is protected by XSUAA and works like a charm, no issues so far.

Now i would like to reference this service from a Mobile Application created using Mobile Services (CloudFoundry).

I got immediately stuck, because XSUAA protection starts to act weirdly.

Forwarding the authentication does not work, because mobile service application generates its own UAA service and whenever the authentication token is forwarded to the CAP Application the answer is:

Client ID <mobile_service_UAA_ClientID> does not match <CAP_UAA_ClientID>

I tried to bind the mobile service UAA to my application following this perfect blog: no luck either, the XSUAA login page does not let me in. The XSUAA log in the approuter says:

Invalid JWT Token

I then tried to create the destination in the mobile cockpit, setting OAuth2ClientCredentials security method.
Still, it doesn.'t work, the destination test fails.

Finished sending GET request to back end$metadata?auth=ua... in 419 ms. HTTP status from the back end is 401. 

I switched the backend security to "Basic Authentication" for the time being, but was anybody able to connect to a CAP-based service with XSUAA protection from MobileServices?



Accepted Solutions (1)

Accepted Solutions (1)


Hi Roberto,

I developed this scenario and got this error. My approach was:

  • In the mobile services destination, set "Forward Authentication" as SSO Mechanism and "Forward User Token To AppRouter" as true. The URL should point to your CAP approuter URL.
  • And look at this to solve the Client ID issue.

On the other hand, the new SSO mechanism mentioned by xiao-ming.xue sounds really good. I will check it out soon.

Hope this helps.

Best regards,



Hello Marc,

Thank you! It is working like a charm and very well explained!

All the best,

Answers (1)

Answers (1)

0 Kudos

"OAuth2 User Token Exchange" SSO mechanism is a new solution for such scenario.

It's same as the "OAuth User Token Exchange Authentication" in cloud destination where has more detailed information about configure properties.