Skip to Content
Technical Articles
Author's profile photo May B

SAP Cloud Foundry – Read user roles using NodeJS and XSJS (Part 4, 5)

Now that we have our MTA Application configured for routing between NodeJS and XSJS [link] and followed the steps for creating XSUAA, binding to our application and asigning the roles to a user [link] we now look at adding the below steps to read the roles assigned to our user.

We use the “whoAmI” and “userinfo” to read the roles and additional authorization information for the loggedin user. If you notice below the “req.authInfo” gives all the details about the user. We are simply sending this info back from the API call. In case of xsjs the $.session holds all the user information.

Part 4: Implement NodeJS API for user roles

  1. Extend our previously defined NodeJS function to incorporate two additional API calls.

    We are adding the below code:

    	app.get("/whoAmI", (req, res) => {
    		var userContext = req.authInfo;
    		var result = JSON.stringify({
    			userContext: userContext
    	app.get("/userinfo", function (req, res) {		
    		let userInfo = {
    			"emails": req.user.emails,
    			"scopes": req.authInfo.scopes,
    			"identity-zone": req.authInfo.identityZone
    		return res.type("application/json").status(200).json(userInfo);
  2. For xsjs create a user.xsjs and add the code:
    	var body = "";
    	body = JSON.stringify({
    		"session" : [{
    			"UserName": $.session.user,
    			"UserInfo": $.session.securityContext.userInfo,
    			"Scopes":   $.session.securityContext.scopes,
    			"Language": $.session.language
    	$.response.contentType = "application/json"; 
    	$.response.status = $.net.http.OK;​
  3. Run the project as NodeJS Application from your WebIDE

Part 5: Testing the User role API

  1. In Advanced Rest Client pass the below URL. Add your username and password in the params. Pass the client Id and Client Secret in the Authorization header. on “Send”. You will receive the access code:
  2. Now pass the access token as bearer in the authorization header of your userrole API call.
    Perform a GET call. The result from the API call is shown below. The scopes shows the list of roles assigned to the user:
  3. Testing the XSJS API for user roles:Pass the url and the bearer token as below:
    The result from the REST Client:

At the end of this blog we have successfully assigned the roles to a user and read the roles assigned using XSJS and NodeJS.

More references can be found at:



Assigned Tags

      1 Comment
      You must be Logged on to comment or reply to a post.
      Author's profile photo Umberto Panico
      Umberto Panico


      Please could you share Git project?
      Thanks you very very much.