on 01-11-2024 3:24 PM
I am running a pure API service (developed with CAP) with no UI that currently authenticates with grant type "client_credentials" to a BTP destination with basic authentication (fixed technical user). The service calls some OData services on an S/4 on-prem system.
Now I have the requirement to change the grant type to "password" in order to know which user did what and when, especially when data have been created or modified. I am now using a destination with principal propagation for authorization.
The CAP service receives the JWT token with grant type "password" in the header information of the request. But somehow the actual call to the destination is made with a token of grant type "client_credentials", which of course causes a 401 error.
I did these steps which I've found on the internet:
- added "forwardAuthToken": true to the credentials of the CDS definition in package.json
- added the approuter with "cds add approuter" and added "forwardAuthToken": true in its properties
In server.js I had this coding before:
const xsenv = require('@sap/xsenv')
// getServices returns the bound service under the query key, i.e. uaaServices.uaa
const uaaServices = xsenv.getServices({ uaa: { tag: 'xsuaa' } })
const passport = require('passport')
const JWTStrategy = require('@sap/xssec').JWTStrategy
passport.use(new JWTStrategy(uaaServices.uaa))
...
app.use(['/endpoint*', '/other/endpoint*'],
  passport.initialize(),
  passport.authenticate('JWT', { session: false }),
  (req, res, next) => {
    if (!req.authInfo) {
      // no valid JWT on the request -> 401
      return res.status(401).end()
    }
    // a 403 belongs here only behind an explicit scope check (req.authInfo.checkScope)
    next()
  }
)
Does this somehow interfere with the token coming in as request header?
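One way to find out at which hop the grant type changes is to log the claims of the bearer token as it arrives at the service and again just before the outbound destination call. The following is an added diagnostic example, not code from the original post; it assumes XSUAA-issued tokens, which carry `grant_type`, `user_name` (absent for client_credentials tokens) and `client_id`/`cid` claims. It decodes the payload without verifying the signature, so it is only for logging; verification stays with the `@sap/xssec` strategy. The sample tokens at the bottom are constructed, unsigned, and exist only so the functions can be exercised offline.

```javascript
// Added diagnostic helper (not from the original post): decode the payload of
// a bearer JWT WITHOUT verifying it, to see which grant type / user the token
// carries at a given hop. Signature verification remains with @sap/xssec.

function decodeJwtPayload(token) {
  const parts = token.split('.')
  if (parts.length !== 3) throw new Error('not a JWS compact token')
  // JWT segments are base64url encoded; Node >= 16 understands 'base64url'
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'))
}

// Summarise the token found in an Authorization header (or a raw token string).
// Returns { grant_type, user, clientId } based on the claims XSUAA tokens carry.
function describeToken(headerOrToken) {
  if (!headerOrToken) return null
  const token = headerOrToken.replace(/^Bearer\s+/i, '')
  const claims = decodeJwtPayload(token)
  return {
    grant_type: claims.grant_type || 'unknown',
    user: claims.user_name || null, // not present on client_credentials tokens
    clientId: claims.client_id || claims.cid || null,
  }
}

// Express-style middleware: log the inbound token's grant type, then continue.
// Mount it next to the passport middleware in server.js to see what arrives.
function logInboundGrantType(req, res, next) {
  const info = describeToken(req.headers && req.headers.authorization)
  console.log('inbound token:', info)
  next()
}

// --- constructed sample tokens (fake signature) purely for demonstration ---
function fakeJwt(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url')
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.fakesig`
}
const PASSWORD_TOKEN = fakeJwt({ grant_type: 'password', user_name: 'jane.doe', client_id: 'sb-myapp!t1' })
const CLIENT_TOKEN = fakeJwt({ grant_type: 'client_credentials', client_id: 'sb-myapp!t1' })

module.exports = { decodeJwtPayload, describeToken, logInboundGrantType, PASSWORD_TOKEN, CLIENT_TOKEN }
```

Calling `describeToken` on the header that reaches the CAP handler and on the header the destination client actually sends (for example from a request interceptor or from the destination's trace log) shows directly whether the user token was dropped and replaced by a client_credentials token between the two hops.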