SAP CAP Application and using it as service for exposed OData with authentication

haykma
Participant

Hi Community,

I'm going to build a CAP app which consumes APIs from other systems and which consumes events from Event Mesh.
This CAP app also exposes services (OData) for monitoring, starting implemented scenarios, getting data from it and so on. I also tried to implement JWT-based OAuth2 security.

To achieve all this I:

  • declared cds->auth->kind->"xsuaa" in package.json.
  • created xs-security.json with scopes (for 'admin') and a role-template.
  • granted access roles to a user-group 'admin' in the <service>.cds file.

After deployment I assigned the role to a role-collection.

But here's the point where I'm not sure:

When I use another deployed service on BTP, for example with Postman, I get credentials such as clientId, clientSecret and a Token-Endpoint-URL to get a JWT token from a service key of a "service" (not an app), and with this token I can make the request I want to.

But how do I connect from Postman to my CAP app and consume the OData services? I don't have a service key from which to get the clientid, clientsecret, tokenurl. And I additionally want to use a real identified user for getting access rights.

At the moment I do this with an additional approuter deployed as part of the mta.yaml. With a browser I can log in as a user and the approuter routes to the service (using OAuth2). But how do I achieve login with Postman or other external consumers?

regards
Matthias

Accepted Solutions (1)

js2
Product and Topic Expert
0 Kudos

Look at the binding from the CAP app (service) to the xsuaa service. In there you will see the OAuth credentials to use for a client-credentials flow.

Note that the client credentials flow essentially logs you on with a technical user - not a real user that may have roles assigned to them.
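The client-credentials flow described in the answer above, as an added example that is not part of the original thread: it reads the xsuaa binding, builds the token request that Postman would send, and inspects a token to show that it represents the client rather than a named user. Assumptions: the binding fields `clientid`, `clientsecret` and `url` as found in an xsuaa binding, the token endpoint `<url>/oauth/token`, and constructed placeholder values (including the hypothetical scope name used when calling `describeToken`).

```javascript
// Constructed sample of the app's VCAP_SERVICES xsuaa binding (placeholder values only).
const SAMPLE_VCAP = JSON.stringify({
  xsuaa: [{
    name: "my-cap-app-auth", // hypothetical service instance name
    credentials: {
      clientid: "sb-my-cap-app!t0000",
      clientsecret: "PLACEHOLDER-SECRET",
      url: "https://example-subaccount.authentication.example.invalid",
      xsappname: "my-cap-app!t0000"
    }
  }]
});

// Turn the binding into the client-credentials token request Postman would send.
function buildTokenRequest(vcapJson) {
  const binding = (JSON.parse(vcapJson).xsuaa || [])[0];
  if (!binding) throw new Error("no xsuaa binding found");
  const { clientid, clientsecret, url } = binding.credentials;
  const basic = Buffer.from(`${clientid}:${clientsecret}`).toString("base64");
  return {
    method: "POST",
    url: `${url}/oauth/token`,
    headers: {
      Authorization: `Basic ${basic}`,
      "Content-Type": "application/x-www-form-urlencoded"
    },
    body: new URLSearchParams({ grant_type: "client_credentials" }).toString()
  };
}

// Decode (without verifying) a JWT payload to see whom the token represents.
function describeToken(jwt, requiredScope) {
  const seg = jwt.split(".")[1].replace(/-/g, "+").replace(/_/g, "/");
  const payload = JSON.parse(Buffer.from(seg, "base64").toString("utf8"));
  return {
    technicalUser: payload.grant_type === "client_credentials" && !payload.user_name,
    hasScope: (payload.scope || []).includes(requiredScope)
  };
}

// Constructed sample token: client-credentials grant, no user_name claim, no app scope.
const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const SAMPLE_JWT = [
  enc({ alg: "RS256", typ: "JWT" }),
  enc({ grant_type: "client_credentials", client_id: "sb-my-cap-app!t0000", scope: ["uaa.resource"] }),
  "signature-omitted"
].join(".");
```

The `access_token` from the token response is then sent as `Authorization: Bearer <token>` on the OData request. `describeToken` only inspects claims for troubleshooting; signature validation stays with the CAP runtime.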

T1mey
Participant
0 Kudos

Is it possible to assign that "technical" user a role (or scope) so that the authorization check of the OData service can be passed?

Answers (0)