I have a simple CAP application that is trying to create business object in S/4. It is working well with a BasicAuth destination, but once I change to a destination with Principal Propagation I run into a 401 error.

I know it could have varying reasons, so ...

1. I figured it might be a csrf issue, so I took out that complexity and tried to do a pure read/GET to the S/4 API in question and I still get a 401

2. Then I I built another test app to simply use the Cloud SDK to test out the destination.

Once I pass in the request jwt token into the http request, the destination seems to work.

Cloud SDK Example Call:

const httpResponse = await executeHttpRequest({ destinationName: this._destinationName , jwt: this._jwt}, { method: 'get' }) 

3. Once I realized that the Auth token is not transferred I came across some answers suggesting that changing the destination to "HTML5.ForwardAuthToken": "true" might be the solution, but that also does not do the trick.

Is there an undocumented/documented feature in cds7 that I can set to enable this functionality?

What am I missing?

my package.json cds section looks as follows:

Here is the definition of our destination

{ "originalProperties": 
{ "Name": "s4v-ui-runtime", 
"Type": "HTTP", "URL": "http://[our cloud connector alias host]:443", 
"Authentication": "PrincipalPropagation", "ProxyType": "OnPremise", "HTML5.DynamicDestination": "true", <br>"Description": "S4V UI Runtime", <br>"sap-service": "3200", <br>"sap-platform": "ABAP", <br><br>"sap-sysid": "[our sid]", 
"sap-client": "[our client]" }

Question

My current versions are:

@cap-js/sqlite: 1.0.1
@sap/cds: 7.1.0
@sap/cds-compiler: 4.1.2
@sap/cds-dk: 7.0.3
@sap/cds-dk (global): 7.1.0
@sap/cds-fiori: 1.0.0
@sap/cds-foss: 4.0.2
@sap/cds-hana: 2.0.0
@sap/cds-mtxs: 1.9.2
@sap/eslint-plugin-cds: 2.6.3
Node.js: v18.16.0