on 04-16-2023 8:56 AM
Hello Community!
We are still testing the possibilities of the BTP before moving to real customer projects. We managed to setup a CAP application as a backend server, using CDS to reach HANA Cloud and an approuter to serve requests. These requests are authenticated via XSUAA service with OAuth2.0. Currently we can reach the endpoints via Postman with JWT-based authentication.
After this success, we tried to connect a frontend app to this service. As a first step we tried to generate a Fiori application via the template generator. When specifying a data service we chose the CDS app and it has been identified as an OData V4 service. However we got back an 'Authentication incorrect' error message when tried to login with the service username and password. I tried to modify the xs-security.json setup, leaving out the OAuth part, but the result was the same.
The xs-security.json is like this:
{
"xsappname": "cloud2",
"tenant-mode": "dedicated",
"scopes": [
{
"name": "$XSAPPNAME.Admin",
"description": "Admin"
}
],
"attributes": [],
"role-templates": [
{
"name": "Admin",
"description": "generated",
"scope-references": [
"$XSAPPNAME.Admin"
],
"attribute-references": []
}
],
"oauth2-configuration": {
"credential-types": [
"binding-secret",
"x509"
],
"redirect-uris": [
"https://*.cfapps.us10-001.hana.ondemand.com/**"
]
}
}
How should we solve this connection problem? Or we should change approach and forget the separated frontend/backend design?
Thanks for the answers!
András
In addition to Martins answer, you can also use TokenExchange to access the Backend from your Fiori Application.
With two MTA Applications (A - Your Fiori App with a XSUAA service instance and B - Your CAP application with its own XSUAA instance) you have to create a Destination to forward the JWT Token from the Fiori Application to the CAP Backend.
First create a Service Key for the XSUAA instance of application B (your CAP Backend).
Then create the Destination as follows:
For your REST-like interfaces you have to think how they should authenticate against your CAP backend.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
great answer, here is the documentation related to it as well:
User | Count |
---|---|
74 | |
9 | |
7 | |
6 | |
6 | |
6 | |
6 | |
6 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.