on 04-27-2023 8:20 AM
We recently upgraded @sap/xssec from 2 to 3.2.17 in our CAP application (MultiTenant).
When basic auth is used to access the web service, "authInfo" is not present in the request object.
Code snippet for exposed service:
app.get('/srv/proxy1/*', function(req, resp) {
  // Log the security context that the authentication middleware is expected to attach
  console.log("Sample Proxy1 authInfo: " + req.authInfo);
  console.log("Sample Proxy1 authInfo stringify: " + JSON.stringify(req.authInfo));
  resp.status(200).send(req.authInfo);
});
xs-app.json route snippet:
{
"source": "^/srv/proxy1/(.*)$",
"authenticationType": "basic",
"scope": "$XSAPPNAME.User",
"destination": "srv",
"csrfProtection": false
}
In version 2, we are getting req.authInfo.
Please help us in resolving this issue.
Below are sample curl requests for both versions, which use Basic Auth:
@sap/xssec version 2
Curl request:
curl --location 'https://664a1c8dtrial-dev-ro-ui.cfapps.us10-001.hana.ondemand.com/srv/proxy1/rest/api/2/issue/OAUT-1...' \
--header 'Authorization: Basic **********************' \
--header 'Cookie: JSESSIONID=s%3A2TuDaQ1mbYqnM1aNKLpp2a1biioKB-It.rcM60DBbonz0obLACNdcBdWzIedyDsTirTOn4Z8YgjU; __VCAP_ID__=761b6980-32fa-4c09-735c-361e'
response:
{
"token": "eyJhbGciOiJSUzI1NiIsImprdSI6Im",
"config": {
"tenantmode": "shared",
"sburl": ".....",
.......
},
"xsappname": "dev-ro-ui!t108408",
"isForeignMode": false,
"tokenContainsAttributes": true,
"tokenContainsAdditionalAuthAttributes": false,
"userInfo": {
"logonName": "ravikishore1979@gmail.com",
"givenName": "Ravi Kishore",
"familyName": "K",
"email": "ravikishore1979@gmail.com"
},
"scopes": [
"openid",
"dev-ro-ui!t108408.Administrator",
"dev-ro-ui!t108408.User"
],
"clientId": "sb-dev-ro-ui!t108408",
"identityZone": "71238aa6-92ac-4cbd-bad1-d3b2ed666e7e",
"subdomain": "664a1c8dtrial",
"origin": "sap.default",
"userAttributes": {},
"additionalAuthAttributes": "",
"serviceinstanceid": null,
"grantType": "password",
.....
},
"expirationDate": "2023-04-12T17:45:08.000Z"
}
@sap/xssec version 3
Curl Request:
curl --location 'https://a1b8a3d0trial-dev-ro-ui.cfapps.us10-001.hana.ondemand.com/srv/proxy1/rest/api/2/issue/OAUT-1...' \
--header 'Authorization: Basic **********************' \
--header 'Cookie: JSESSIONID=s%3AfHkHQkP83cbqZcJwx9mFx0-5tFcoVE4P.yQ462lfH33H643KhvzUTV0D%2BPX080Pw0o0jtFMMOeLQ; __VCAP_ID__=828a6484-ed93-47c9-4f62-16a6'
Response:
{}
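An added example, not part of the original post and not SAP's code: a fail-closed guard for the proxy route, so that a missing req.authInfo produces a 401 instead of a 200 with an empty body, and the handler returns a summary rather than echoing the raw token. It assumes req.authInfo, when present, is the @sap/xssec security context with checkLocalScope(), getLogonName() and getSubdomain(); requireAuthInfo, summarize and the fake request objects are hypothetical names constructed for the example.

```javascript
'use strict';

// Hypothetical helper: build Express-style middleware that fails closed.
// Assumption: req.authInfo, when set, is the @sap/xssec security context
// and exposes checkLocalScope(), getLogonName() and getSubdomain().
function requireAuthInfo(localScope) {
  return function (req, res, next) {
    const ctx = req.authInfo;
    if (!ctx || typeof ctx.checkLocalScope !== 'function') {
      // No validated token reached this handler: reject, do not answer 200.
      return res.status(401).json({ error: 'unauthenticated' });
    }
    if (!ctx.checkLocalScope(localScope)) {
      return res.status(403).json({ error: 'missing scope ' + localScope });
    }
    return next();
  };
}

// Return only non-sensitive fields; the raw JWT is never echoed.
function summarize(ctx) {
  return { logonName: ctx.getLogonName(), subdomain: ctx.getSubdomain() };
}

// Constructed stand-ins for Express req/res so the guard runs offline.
function fakeRes() {
  return {
    code: 200, body: undefined,
    status(c) { this.code = c; return this; },
    json(b) { this.body = b; return this; },
  };
}
function fakeCtx(scopes) {
  return {
    token: 'constructed-not-a-real-jwt',
    checkLocalScope: (s) => scopes.includes(s),
    getLogonName: () => 'user@example.com',
    getSubdomain: () => 'example-subdomain',
  };
}

// Run the guard and the handler the way app.get(path, guard, handler) would.
function simulate(authInfo) {
  const req = { authInfo };
  const res = fakeRes();
  requireAuthInfo('User')(req, res, () => res.json(summarize(req.authInfo)));
  return res;
}

console.log(simulate(undefined).code, simulate(fakeCtx([])).code,
            simulate(fakeCtx(['User'])).body);
```

In an Express app the guard would be registered ahead of the handler, as in app.get('/srv/proxy1/*', requireAuthInfo('User'), handler), where "User" is the local part of the $XSAPPNAME.User scope from the route.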